We are extremely excited to be nearing the end of a major Gutensite platform rebuild which will offer a completely new design, workflow and modern framework. This ambitious work on the 2.0 platform has taken all of our attention for the last 2 years. We will be sharing more information about 2.0 really soon, but in the meantime, one benefit of this development is going to be available for all our clients on the current 1.0 platform as well.
So the good news is that we have just finished our new system for automatically providing free SSL certificates to every domain and website on our platform!
In the past, the only way to get an SSL certificate was to have us purchase one privately and then manually install it (for a cost of $100). Now SSL Certificates are automatic and free, because we developed a sophisticated system that interfaces with an open certificate authority called Let's Encrypt and automatically creates, installs and renews these certificates every 3 months (which is more secure than a standard 1 year renewal).
What are the benefits of SSL?
We recently wrote about the benefits of ensuring your site is secured with an SSL certificate. In summary, an SSL Certificate will make sure that your visitor's information and activities are secured and safe from injection attacks or stealing private data or browsing activity. This protection is rewarded by Google by giving your site a small search engine ranking boost. And having a secure site will help you site look professional and trustworthy (browsers will display a "secure" mark in the tab, instead of a negative warning). In addition, when your site uses SSL, it allows the browser and server to take advantage of HTTP 2.0, which allows asynchronous downloading of resources (e.g. 100 images and CSS Files at a time instead of 1 image after the other time).
What if I have a custom SSL certificate I already paid for?
You can continue using your personal SSL certificate if you want. It's actually less secure than our free certificates (because it is only renewed every 12 months instead of every 3 months), so we don't recommend mantaining a personal certificate for most people. The difference is that your personal SSL certificate will have your full company name and address if someone goes in to view it. This could be valuable for a larger organization, but most people don't know how to view these certificates, so it has little ROI and under most circumstances isn't necessary.
Example of the Details of a Free Let's Encrypt Certificate
Â
Example of the Details of a custom Certificate with Company Name
Â
WHAT DO I NEED TO DO?
For most people, you don't need to do anything. We will automatically enabled SSL on your site by April 19, and all traffic will be redirected to the secure version. If you want to enable SSL immediately, you go to your control panel (Support >Â Domain & DNS Settings), review the section that says "Secured Domains (SSL)" and if there are no errors on your domains then click the button that says "Force HTTPS". That will make all connections redirect to SSL.
Â
Â
Troubleshooting
If you see an error on any domains in your control panel (Support > Domain & DNS Settings) it's probably caused by a domain still be pointing to an old "bounce server" or incorrect DNS settings. That page will explain what the correct DNS records should be.
Be aware, that if you have some pages on your site that are hard linking to any "http://" resources (e.g. images, iframes) then the page will not be secure. Most browsers shouldn't show a warning, but they will remove your "secure" badge and when looking at details they'll explain why it's not secure. Those pages should be easy to correct. But even if you don't correct them, they are just the same level of security as if you didn't enable SSL. So there is no good reason not to allow us to enable SSL. However, if you don't want us to enable SSL on your site, you must "opt-out" this week.