HTTPS active
Imagine sending a letter to your friend. HTTPS is like sealing it in an envelope with a secret code, so nobody can read it along the way. Wi…
Analyse my site for freeUnderstanding "HTTPS active"
HTTPS (HyperText Transfer Protocol Secure) is the encrypted version of HTTP. It relies on TLS (Transport Layer Security) to create an encrypted tunnel between the visitor's browser and your server, ensuring three fundamental properties: confidentiality (data cannot be read by a third party), integrity (data is not tampered with in transit) and authentication (the visitor verifies they are communicating with your real server).
Since 2018, Google Chrome has displayed a "Not Secure" warning in the address bar for all HTTP sites. Google has included HTTPS as a ranking signal since 2014. Today, over 95% of web traffic is encrypted — an HTTP site is the exception, not the rule. Without HTTPS, your site loses credibility, SEO ranking, and exposes your visitors to real risks.
How TheSiteFuse checks "HTTPS active"
TheSiteFuse opens a TLS connection on port 443 of the audited domain. The check verifies that the TLS handshake succeeds, that the certificate is valid (issued by a recognised authority, not expired), and that the domain name matches the certificate (via the SNI extension). In case of failure — port 443 closed, self-signed certificate, chain error, expiry — the check is marked as an error.
Why "HTTPS active" matters
Absence of HTTPS exposes your site and visitors to several risk categories:
- Data interception — on public Wi-Fi (café, hotel, airport), anyone can capture HTTP traffic with common tools. Passwords, form data and cookies travel in plaintext.
- Session hijacking — unencrypted authentication cookies can be captured and reused to impersonate a logged-in user.
- Content injection — some ISPs and mobile operators modify HTTP pages to insert advertising. Malware on compromised routers can inject arbitrary code into your pages.
- Browser warning — Chrome, Firefox and Safari all display a visible warning that frightens visitors and increases bounce rate.
- SEO penalty — Google penalises HTTP sites in its ranking, reducing your visibility in search results.
Fix "HTTPS active" step by step
Step 1 — Obtain an SSL certificate
Let's Encrypt is the recommended solution: completely free and automated. On shared hosting providers (OVH, Infomaniak, SiteGround…), look for "SSL/TLS" or "Let's Encrypt" in your control panel — usually a single button.
On a VPS or dedicated server (Debian/Ubuntu):
sudo apt install certbot python3-certbot-apache # For Apache: sudo certbot --apache -d mysite.com -d www.mysite.com # For Nginx: sudo apt install certbot python3-certbot-nginx sudo certbot --nginx -d mysite.com -d www.mysite.com
Step 2 — Verify automatic renewal
Let's Encrypt certificates expire after 90 days. Certbot automatically sets up a systemd timer. Test it safely:
sudo certbot renew --dry-run sudo systemctl status certbot.timer
Step 3 — Configure HTTP → HTTPS redirect
Once the certificate is installed, force all traffic to HTTPS (see the "HTTP → HTTPS redirect" check).
Step 4 — Verify your TLS configuration
After installation, test your configuration on SSL Labs (ssllabs.com/ssltest/). Aim for a grade A or A+.
Reference resource
To deepen your understanding of the technical concepts behind this check, see the dedicated Wikipedia article.
Wikipedia — HTTPS activeDoes your site pass this check?
Run the free full audit (120 checks) and instantly discover what needs fixing.