How do I setup SSL on my domain name?

You can add SSL for your custom domain pointing to your Subbly store, I will show you how in this guide. SSL encryption is becoming more and more expected and standard for running a website. More and more modern browsers are checking for secure (encrypted) versions of websites now. And if the server responds saying SSL is enabled they will default to attempting to load the HTTPS version of the site, even if the server isn't signed for your domain (which may happen with Subbly, as SSL requires manual setup for each domain). So if this is happening to you, then please read on! There is an easy solution that takes 15 minutes to setup.

SSL? Secure What? HTTPS? Encryption?

You may be familiar with what a web address (URL) looks like:

http://www.subbly.co

Notice that there is "http" at the beginning. This tells the browser to use HTTP protocol. This is an insecure method of fetching the data as the connection between your browser and the server is not encrypted using an SSL certificate (I know... more technical jargon).

https://www.subbly.co

This time we have "https" as the protocol. This tells the browser to connect using HTTPS, the "S" meaning "Secure". The browser will then take some additional steps to do a "handshake" with the server (us) using an SSL certificate to verify the server, and then return the information encrypted so no one can snoop on the information being passed in transit. This is why we secure all checkout and payment related URLs for your customers to remain secure. This is actually a legal requirement when dealing with credit card information.

Do I need SSL?

No, all the areas that need to be secured by SSL are already secured by us. So your customers are safe. However, in the introduction of this article I mentioned how modern browsers are defaulting to HTTPS, especially if you don't specify (as in you don't add "http" or "https" when typing it in) and it's "on" at the server.

Given that our servers don't have SSL certificates in place for your domain names (that's how it works), the browser might throw a warning saying "unsecure content" or "not secure" or "connection not private". If this is the case, don't panic there is an easy fix.

Benefits of SSL

However, don't just stop there if you think "I don't need it". There are some serious benefits to having SSL setup on your custom domain for your site, and we highly recommend it. Here's why:

  1. It could help with your sites SEO (Search Engine Optimisation), and therefore rankings on Google.
  2. It will build trust with your potential customers better, they like to know they are safe online and the browser adds a nice green checkmark that shows this clearly.
  3. It will keep your customers even more safe.
  4. it will future proof your site.

How do I add SSL to my custom domain?

I'm glad you asked. It's actually pretty straightforward these days. The easiest way is to use Cloudflare to do this. Best of all, it's free.

Cloudflare

Cloudflare has a free plan, and there are lots of great benefits to using Cloudflare to manage your sites domain name. It speeds you site up (happier visitors, higher conversions), it protects your site from attacks, it makes it super easy to manage your domain name records, and it gives your free SSL encryption.

It's really easy to setup and they wrote an entire guide on it themselves.

In a nutshell:

  1. You need to register an account with Cloudflare.
  2. You will need to login to your domain registrar and change your name servers to point to Cloudflare.
  3. You make sure the DNS records are correct.
  4. Then you simply turn SSL on in your Cloudflare admin under the Crypto tab. You want to enable "Flexible SSL".
  5. [Bonus] Use a page rule to force SSL for visitors to your site.

The guide can be found here.

Click here for the guide to setup Cloudflare


Enable SSL in Cloudflare

Once you have created your account you will want to enable the "Flexible SSL" option in your "Crypto" tab inside your Cloudflare account. Then after this we recommend you add a page rule to enforce HTTPS for your visitors.