Actually, it’s the browser that makes the request for an encrypted connection.
When you specify HTTPS to connect to a website, the actual connection requested by the browser is different. That’s something that you need to set up on your site – and you’re quite correct. The HTML doesn’t need to change for that.
What needs to change is how your website is hosted. Unfortunately, how you specify that your site supports HTTPS is not something that is standard.
Become a Patron of Ask Leo! and go ad-free!
HTTPS depends on your host
Many different kinds of software are used to host websites on the internet. If the site was on one of my servers, I would set up a separate site and configure it to be secure. But that may not apply to other websites and specifically, it may not apply to yours.
You need to talk to your web host provider – the people that own the servers where your website lives. They’ll tell you what you need to do to make a secure website that is connected through HTTPS.
The one thing that is common across all HTTPS websites is what’s called a “certificate.” You will need to purchase this.
A certificate is that bit of encrypted technology that makes a website secure. It encrypts the data when it travels between the browser and the website. More importantly, a certificate confirms to the browser and your visitors that they are actually connecting to the site that they think they are.
You’re going to have to pay for a certificate. That’s something that you purchase usually yearly or on a three-year plan, but the bottom line is it’s an ongoing expense. It’s typically not that expensive, but it’s probably more expensive than the hosting you’re paying.
Is HTTPS necessary?
The only other thing I would suggest is to make sure that HTTPS is actually necessary.
HTTPS is important if you’re doing any kind of online commerce or asking people to enter what would be considered to be sensitive information. If they’re entering financial information, credit card numbers, and that kind of thing, then you need a secure website.
An alternative is to actually use a third party for that kind of thing. For example, my own online store is initially not encrypted nor is it a secure website. But when somebody adds an item to a cart or wants to checkout, they actually go to a third party service that I use. Their website is HTTPS, so it’s secure and they do all of the data collection of that sensitive information on to their secure servers. I don’t have to worry about any of that.
That might be a little bit easier than trying to set up your own HTTPS website. Depending on what your needs are, you can go either way.
The bottom line is this – be sure your site needs HTTPS. If so, consider using a third party to provide HTTPS to collect sensitive information. But if it’s really important that your site have HTTPS, talk to your web host provider to create an HTTPS website of your own with a certificate.