All responsive websites can have an SSL certificate generated for them. The solution leverages the LetsEncrypt project, which is an open source Certificate Authority that provides free certificates. The solution does require that you have a domain pointed at your hosted website successfully.
Do I need HTTPS?
Using a secure connection ensures prevents data from being modified or corrupted during transfer. With a secure site, visitors can trust your website is displaying the content that you intended.
In addition, using a secure HTTPS connection is a minor ranking indicator, benefiting your site's overall SEO.
Once your website is published and configured with a custom domain, you can navigate to the “Site URL & Secure Connection” section, and click on “Generate Certificate”. The CNAME for the custom domain must be set up correctly in order for this feature to appear in your Editor.
The process, which includes provisioning the request to Let’s encrypt and configuring the newly generated SSL certificate, is fully automated and may take up to 30 minutes. During the provisioning process, an “In progress” status indicates that the request is being handled.
Once completed, the provisioning status is changed to “Complete”, and an approval email is sent to the account owner.
You can enable the force SSL option to make sure that your site will always be accessed via SSL. Any visitor will be redirected to the secure connection once this switch is turned on.
An SSL certificate is never deleted by your provider unless the user click on the “Remove certificate” link.
Important details about secure connections
- When your site is secure it is important that you enter the complete address, including the "www" after the "HTTPS://". Your site will not load if you enter your site address without the "www", (e.g. "https://example.com") in a browser.
- Certificates for sites are valid for three months. Two weeks prior to the end of the certificate, your provider will renew the certificate to ensure that the site remains secure and valid.
- Once your site has been set up with a certificate you will see a small lock icon in your Dashboard to indicate that the site is a secure site.
- Your provider's secure connection uses the DV (Domain Validated) certificate.
- Our SSL implementation is not compatible with Windows XP and Android 2.0 or later.
Using custom or third-party code in SSL sites
Due to HTML standards, HTTP or non-secured content cannot be displayed in HTTPS or secure sites. This means that any custom code which relies on loading content from an HTTP server will not work in an SSL site. If you need to use code which normally loads from an HTTP server, we recommend either:
- Requesting HTTPS-friendly code from your code provider, or
- Disabling HTTPS for your platform site
As our platform editor displays by default on an HTTPS connection, one good way to test whether or not code will work in the final site is to see if it works in the editor. If it does not, it is equally unlikely to work in a live HTTPS site.