Use Hypertext Transfer Protocol Secure (HTTPS) on your domain

Hypertext Transfer Protocol (HTTP) is a set of rules that browsers use to determine how to read and transfer data over the web. When a URL includes 'http', the browser knows to follow this protocol to successfully load a web page.

HTTPS is the same as HTTP except HTTPS tells a browser to encrypt the data exchanged with a web page. Encryption disguises data and lessens the chance of your information being viewed or manipulated. This is important when a website includes sensitive data like your personal details or financial information.

Set up HTTPS

To use HTTPS with your domain name, you need an SSL or TLS certificate installed on your website. Your web host (web hosting provider) may offer HTTPS security, or you can request an SSL/TLS certificate from a certificate authority and install it yourself. SSL/TLS certificates may need to be renewed periodically.

There are different types of web servers, and each has its own process for installing and updating SSL/TLS certificates. You'll need to find out which web server your website is using and follow its instructions for installing and updating your certificate.

HTTPS from web hosts

The following Google services automatically issue, install and renew SSL/TLS certificates at no additional cost:

Many third-party web hosts also issue, install and renew SSL/TLS certificates. You can use any web host in combination with Google Domains, including Bluehost, Shopify, Squarespace, Weebly and Wix.

Learn how to connect to a web host and set up HTTPS. 

Get an SSL/TLS certificate from a certificate authority (CA)

If your web host doesn't offer HTTPS security, you can obtain an SSL/TLS certificate for your domain from a CA. Let's Encrypt is a CA that provides certificates in the interest of creating a safer Internet.

You must work with your web host to install the certificate. If you host your site on your own servers, learn how to enable HTTPS.

Safeguard your SSL/TLS certificates 

HTTPS helps prevent Man-in-the-Middle (MitM) attacks, but if someone can impersonate your SSL/TLS certificate, those attacks are still possible. To prevent such attacks, you should review any certificates issued for your website that you don't recognise. You can also restrict who can issue certificates for your domain with Certification Authority Authorisation (CAA) resource records.

View certificates issued for your domain

To review certificates issued for your domain, you can search on censys.io.

Add CAA resource records to your domain

CAA resource records give you the ability to control who can issue SSL/TLS certificates for your website. Learn more about CAA resource records.

 

 

Was this helpful?
How can we improve it?

Need more help?

Sign in for additional support options to quickly solve your issue

Search
Clear search
Close search
Google apps
Main menu
Search Help Centre
false
false
true
true
93020
false
false