This isn’t about how your website is designed — as you note, the HTML doesn’t change. It’s about how your site is hosted.
When you use https, the connection requested by your browser is different. Behind the scenes, https is a completely different protocol than http. Your web server needs to understand and support that for your site.
How you make that happen isn’t standard, but it is getting easier.
Become a Patron of Ask Leo! and go ad-free!
Https depends on your host
Like desktop computers, internet servers can run any number of different operating systems. A variety of versions of Linux are most common, though there are Windows servers as well as other operating systems.
Just like there are several different word processors available for your desktop computer, there are several different web server packages to handle website management. Apache is the most common, on both Linux and Windows, as is Nginx, and, of course, Windows’ own Internet Information Services (IIS).
To further confuse the topic, there are also server management packages used by web-hosting companies to manage multiple websites hosted on the same server. These packages — Web Host Manager (WHM) (aka cPanel) being the most common — configure specific websites and other website administrivia, including https.
Ask Leo! runs on Apache software running on a Centos (Linux) distribution, managed by cPanel. Setting it up as https was a configuration process within cPanel.
The one thing common across all HTTPS websites is what’s called a “secure certificate.”
In the past, you’ve needed to purchase your own secure certificate, but — again, depending on your web host — there are now automated processes that can generate and install a secure certificate for free.
A certificate is that bit of encryption technology that makes a website secure. It encrypts the data as it travels between the browser and the website. More importantly, a certificate confirms to the browser and website visitors that they are actually connecting to the site they think they are.
Anyone can get a free certificate. If your site is processing payments or otherwise handling sensitive data, you may want to pay for a more rigorously validated certificate to provide additional security assurance to your visitors. If all you do is provide content, however, a free certificate may be all you need.
Is HTTPS necessary?
In the past, the answer has been “only if you’re processing sensitive data”. That answer has changed, kind of.
Search engines, specifically Google, now include your sites’ availability in https as one of the over 200 signals it uses when deciding where to place your site in its search results. All else being equal1, a page delivered via https is said to rank higher than http.
Bottom line: talk to your web host
Exactly how you set up your site to be https, including whether free certificates can be used, depends entirely on your web host. The process can range from simple to complex, but they’re the ones that should be able to help you.
The good news here is that https is more and more common, and most web hosts are ready to help.
If you found this article helpful, I'm sure you'll also love Confident Computing! My weekly email newsletter is full of articles that help you solve problems, stay safe, and give you more confidence with technology. Subscribe now and I'll see you there soon,
Footnotes & References
1: All else is never equal, but the sense is that https is a positive signal to Google, while non-https is a neutral signal.