How to improve Google rank by changing your website from HTTP to HTTPS using SSL?

If you are hosting your own website and notice a "Not secure" keyword is displayed next to your URL:

... this means that you are still using non-secure "http" protocol or "https" without SSL certificate. A secured website will have a lock icon displayed next to your URL:

For non-e-commerce websites, it is fairly fine to keep it as non-secured. However, Google - the top search engine in the world, may lower your Google rank due to the fact that your site is not "secured". Basically, there are two tasks you need to perform in order to have Internet browsers such as Chrome showing the lockpad icon next to your URL:

  1. Start using https for your URL.
  2. Install an SSL certificate into your server.

There are many SSL resellers on the Internet and since year 2017, we have been using SSL Dragon in one of our websites:


Since we are not selling stuff in our website, we opted for the cheapest "Sectigo (formerly Comodo) PositiveSSL" with maximum of 3 years at the price of US$20.99 (as of May 2020). There are cheaper options out there but we do not want to bear the risk of having poor customer support (Tips: always check customer reviews online first). Payment is easy and one can pay by credit card or Paypal.


Apache 2 with SSL module

  1. Login to your web server (e.g. Ubuntu) with root access.
  2. Install SSL module for Apache2:
    a2enmod ssl
  3. Restart Apache2:
    service apache2 restart

Generate Public/Private Keys

Refer to Google article here:

Alternatively, below are manual steps:

  1. Login to your web server (e.g. Ubuntu) with root access.
  2. Issue the following command to generate RSA key pair:
    openssl genrsa -out www.<domain>.com.key 2048
  3. Enter the following command to generate Certificate Signing Request:
    openssl req -new -sha256 -key www.<domain>.com.key -out www.<domain>.com.csr
  4. Enter required information:
    Country Name (2 letter code) [AU]:<country>
    State or Province Name (full name) [Some-State]:<state>
    Locality Name (for example, city) []:<town>
    Organization Name (for example, company) [Internet Widgits Pty Ltd]:<company>
    Organizational Unit Name (for example, section) []:<contact>
    Common Name (e.g. server FQDN or YOUR name) []:www.<domain>.com
    Email Address []:<email>
  5. Skip (hit Enter) for both optional parameters:
    A challenge password []:
    An optional company name []:
  6. Go to your account inside SSL Dragon.
  7. Select SSL you just purchased.
  8. Click on "Configure Now".
  9. Order Type: New order
    Web Server Type: Any Other
  10. Copy-and-paste the content of www.<domain>.com.csr to local machine

  11. Enter your contact information.
  12. Click "Click to Continue".
  13. Select "HTTP" method:
  14. Click "Click to Continue".
  15. Return to your SSL detail page.
  16. You will notice two rows - "Hash Link" and "Txt File Content". You need to create a txt file in the directory as mentioned in "Hash Link" with the content defined in "Txt File Content":
  17. After creating the txt file, from SSL Dragon's SSL detail page, click on "Revalidate" button.
  18. Wait for a while, you should receive an email from Comodo.
  19. Download the zip file in the email.
  20. Extract the content to /etc/apache2/ssl.
  21. Copy www.<domain>.com.key you obtained after step 5 to /etc/apache2/ssl/private.This is your private key.
  22. Back to /etc/apache2/ssl.  
  23. Your Zip file from email should contain 4 files:
    1. Root CA Certificate - AAACertificateServices.crt
    2. Intermediate CA Certificate - USERTrustRSAAAACA.crt
    3. Intermediate CA Certificate - SectigoRSADomainValidationSecureServerCA.crt
    4. Your PositiveSSL Certificate - www_<domain>_com.crt
  24. You need to merge file 1, 2 and 3 into a single file such as COMODO-bundle.crt.
    cat AAACertificateServices.crt SectigoRSADomainValidationSecureServerCA.crt USERTrustRSAAAACA.crt >> COMODO-<domain>.crt
  25. You can then remove file 1, 2 and 3:
    rm AAACertificateServices.crt SectigoRSADomainValidationSecureServerCA.crt USERTrustRSAAAACA.crt

  26. Go to /etc/apache2/
  27. Edit apache2.conf:
    vi apache2.conf
  28. Search for “VirtualHost” keyword with your domain name in it.
  29. Add in lines in bold below:
    <VirtualHost *:80>
            DocumentRoot "/var/www/html/<domain>"
            SSLEngine on
            SSLCertificateFile /etc/apache2/ssl/www_<domain>_com.crt
            SSLCertificateKeyFile /etc/apache2/ssl/private/www.<domain>.com.key
            SSLCertificateChainFile /etc/apache2/ssl/COMODO-<domain>.crt

            <Directory "/var/www/html/littlecpu">
                    Options -Indexes
  30. Restart Apache2 service:
    apachectl stop
    apachectl start

CloudFlare Configuration

These steps are only applicable if you are using ClourFlare.

  1. Go to CloudFlare > your domain.
  2. Go to SSL/TLS > Edge Certificates.Set "Always Use HTTPS" to On.
  3. Under SSL/TLS > Overview, set to "Flexible":

Test Your SSL

  1. Reload your website.
  2. Make sure the lockpad is now shown:
  3. Go to
  4. Enter your URL in textbox provided.
  5. Make sure the grade is at least B:


  • A+ - exceptional configuration
  • A - strong commercial security
  • B - adequate security with modern clients, with older and potentially obsolete crypto used with older clients; potentially smaller configuration problems
  • C - obsolete configuration, uses obsolete crypto with modern clients; potentially bigger configuration problems
  • D - configuration with security issues that are typically difficult or unlikely to be exploited, but can and should be addressed
  • E - unused
  • F - exploitable and/or patchable problems, misconfigured server, insecure protocols, etc.


As you can see, enabling SSL is not too difficult if you are already a webmaster with full access to your web server. Personally, we have not try other SSL resellers as so far our experience with SSL Dragon is positive with fast customer support. Last but not least, content is still the king so make sure you update your website content frequently. 

Note: We are not affiliate of SSL Dragon. This article is just purely own experience in using their service.


About the Author


CheeWah (Waco) has more than 10 years working experience in IT fields, especially in software development and testing. Some of the key projects included software development and support for production/R&D, software test automation, and Search Engine Optimisation (SEO). He is a food lover and has a food blog at Little CPU acts as his IT knowledge sharing hub.