58 comments
-
Official comment Great news! We now fully support HTTPS for custom domains, for free, automatically. Read more here: https://support.strikingly.com/hc/en-us/articles/115000177902-Activate-HTTPS-SSL-for-Free
It's available for all Pro/Limited users, and for all custom domains - whether or not you registered your domain on Strikingly.
Please contact us on live chat or email us at support@strikingly.com if you have any questions.
-
Hi, any chance to use the Let's Encrypt project for issuing free domain certificates? It will be available in public beta in December: https://letsencrypt.org/ Ideally I'd like to just click "Enable HTTPS" in my site administration and rest will be done automatically.
-
how is this progressing, in comparison to other feature requests? do you have an ETA?
-
支持https
-
I am planning to use the combination of gumroad with strikingly and I have been waiting for the SSL cert capability to make a seamless overlay integration. I strongly stated our desire to have this mandatory feature but I am surprised that even after a year, its still being debated.
-
I really need this!
-
Hi, this is a must have feature, more important that any minor UI improvements mentioned elsewhere.
-
Hi, this is also jeopardizing our business. Many firms can't go on our website because it is not secure... Can you help us and solve this matter ? Thank you.
-
Just to add to the few comments placed. We are also extremely keen for you to develop HTTPS functionality for purchased domains. It looks and we hope it is a priority.
-
We share the same remark and concern as Scott Stuart. We have already purchased our domains and we are eager to be able to test the HTTPS functionnality since it is somehow mandatory for our activity.
-
where are you with this SSL ask?? It's really becoming a BIG issue and customers perceive SSL is needed on homepage regardless if transaction occurs on that page. Most of us have custom domains that were purchased long before Strikingly existed so it doesn't help that your beta is only for sites purchased on strikingly.
-
While we don't actually transact on our site, even we want SSL for our domain (which we purchased before you guys even existed!). This is my #1 want from Strikingly - your product is amazing but this would give us a big warm feeling inside!
-
ssl is a must have
-
Also, you should allow a site to be HTTPS only, including http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security support and permanent redirects of HTTP accesses to HTTPS ones. Which in my opinion should be the default setting, but then again I'm a paranoid security professional. :)
-
WHy did i get email saying HTTPS is now being offered for custom domains only to see it's still just a beta for domains purchasef through strikingly! Very annoyiong as we've been asking for this for a while and I got to tell you it's looking more and more that we will switch to another provider as they're everywhere and offer ssl and other necesary things to sell on line. Please address asap!
-
I do not agree with the request being "Completed". My request explicitly states "for custom domains", in my opinion meaning "not purchased through strikingly". Furthermore I explicitly state that I want HTTPS support by "allowing uploading certificates for custom domains". Please re-open the ticket.
-
Please add HTTPS for domains purchased elsewhere. Google is already using SSL as a ranking signal, meaning Strikingly sites are penalized relative to ones hosted at your competitors: http://googlewebmastercentral.blogspot.com/2014/08/https-as-ranking-signal.html Thanks for paying attention.
-
Hi! I got a message telling me that custom domains will be supported soon. While this is great news (it's surely a step forward :)) this won't help my specific case as we have a custom domain. Therefore my request remains unchanged. I'll try to make peers in my area that are using strikingly aware so that they can actually vote for this functionality. Thanks!
-
Heads up, I'm actually losing sales because HTTPS isn't supported. I use your Celery integration and a potential customer sent me a note today saying... "when I give my credit card number I always want to se "https" on the address line. I admit I do not understand many of the security issues in the web but exactly because of that I am being very cautious and usually buy a book from amazon rather than a page like this." Would be great if Strikingly supported HTTPS so I didn't have to ask myself, how many other potential customers am I losing out on.
-
I sent an e-mail to support regarding SSL. My Google Ad Word rep said that I need SSL on my site and also in order to help me with a Google Shop. Is this not an option on Strikingly?
-
This is becoming urgent issue. Please add custom domain support soon. https://security.googleblog.com/2016/09/moving-towards-more-secure-web.html
-
YES. We need this now. Someone from Strikingly please give us an update??
-
Hey everyone, I had to switch to Godaddy.com website builder, because strikingly said they couldn't help me as I didn't purchase my domain from them. When you purchase a year of their service, you can have a shop website for about $30 more per year, plus you get a free custom domain and SSL from HTTPS free. Or you can build regular website for less than strikingly. I hope this helps someone or it leads to strikingly making SSL available to everyone, regardless of where you buy your domain from.
-
+1 HTTPS for custom domains is important!
-
It looks like Strikingly have already solved this. Congratulations Strikingly!
https://support.strikingly.com/hc/en-us/articles/206058082-Adding-HTTPS-SSL-for-Domain-Not-Purchased-from-Strikingly-using-Cloudflare -
Still not solved. Flexible SSL only encrypts between the user and Cloudflare. Cloudflare to the site is not encrypted. Please figure out a way to upload our own certificate and use Full SSL (strict).
-
I'm confused. Strikingly, can you comment on this?
Here's what CloudFlare says;
- Flexible SSL: secure connection between your visitor and CloudFlare, but no secure connection between CloudFlare and your web server. You don't need to have an SSL certificate on your web server, but your visitors still see the site as being HTTPS enabled. This option is not recommended if you have any sensitive information on your website.
- It should only be used as a last resort if you are not able to setup SSL on your own web server, but it is less secure than any other option (even “Off”), and could even cause you trouble when you decide to switch away from it
I wonder if Google ignores "flexible" as a ranking signal for HTTPS.
Is there a way to upgrade and get the official certificate? If we do it to our sites, we may as well do it properly.
-
Google cannot tell if it's "flexible" or not. The insecure connection between CloudFlare and our servers is not visible to Google or any other search engines at all. So it does not affect ranking.
What kind of "official certificate" are you referring to? If you are referring to your own SSL certificate, it is possible to upgrade on Cloudflare and do so but it's still flexible, which means the SSL cert will be on Cloudflare but not used between Cloudflare and our servers. And the upgrading price of Cloudflare is pretty high.
We are still trying to figure out a solution to provide full SSL to everyone. Will keep you guys updated for sure.
-
Thanks for the clarification Strikingly. You are the experts! I am only making assumptions based on what I have read elsewhere so it helps to hear from you.
You guys told me that this (https://support.strikingly.com/hc/en-us/articles/206058082-Adding-HTTPS-SSL-for-Domain-Not-Purchased-from-Strikingly-using-Cloudflare) was the way to get SSL setup but the flexibility confused me and comments here concerned me. If you guys are working on a way to provide a solution, I am happy to wait for that.
-
Maybe you should look into: Letsencrypt to do an automated SSL setup on your servers? I understand you have a complex setup and appointing an SSL certificate per page is not as easy as with a "conventional" hosting system. However, I assume you must have thought of this how SSL can be implemented at some point early on in dev, right? Cloudflare is an okay solution, a little complicated to setup for many users I'm sure, but I do understand when some advanced users would prefer direct SSL support instead of third party relaying. Looking forward to it!