SSL certificates automatically protect all domains correctly pointing to your Squarespace site. This free security feature prevents hackers from impersonating your site or stealing visitor information.

SSL Certificate Eligibility:

• Squarespace domains (registered or transferred)
• Connected third-party domains
• Subdomains
• Built-in domains

Requirements:

• Third-party domains must be properly connected
• Domain names must be 63 characters or less
• Domains must point to a Squarespace site

SSL Settings:

1. Secure (Preferred) - Recommended default setting

• Automatically redirects to HTTPS
• Includes HTTPS links in sitemaps
• Improves SEO through HTTPS indexing
• Requires SSL-supporting browsers

2. HSTS Secure

• Recommended to keep enabled with Secure setting
• Encrypts connections
• Prevents site impersonation
• Eliminates "Your connection is not private" errors

3. Insecure

• Allows both HTTP and HTTPS access
• Includes HTTP links in sitemaps
• Search engines index HTTP version
• Not recommended for modern websites

Technical Specifications:

• Let's Encrypt provides DV SSL certificates
• Certificates refresh every 90 days
• 2048-bit SSL encryption (except checkout)
• TLS version 1.2 for HTTPS connections
• Automatic certificate issuance

Commerce and SSL:

• Checkout pages always use SSL protection
• 128-bit SSL encryption for transactions
• Level 1 PCI compliant
• Custom domains visible in checkout URL on Commerce plans

Benefits of SSL:

• Builds visitor trust
• Protects form submissions and checkout data
• Potentially improves site loading speed
• Enhances SEO performance

Important Notes:

• Cannot be disabled completely
• Works with subdomains
• Account login always encrypted regardless of settings
• May require custom code adjustments for mixed content
• Third-party SSL certificates not supported

For SSL issues, allow up to 72 hours for changes to take effect. Check your browser's padlock icon and https:// prefix to verify SSL protection.

Related Articles

Previous Articles