85

Add HTTPS support for custom domains.

HTTPS support (allow uploading certificates for custom domains)

58 comments

  • Avatar
    Strikingly Tech
    Official comment

    Great news! We now fully support HTTPS for custom domains, for free, automatically. Read more here: https://support.strikingly.com/hc/en-us/articles/115000177902-Activate-HTTPS-SSL-for-Free

    It's available for all Pro/Limited users, and for all custom domains - whether or not you registered your domain on Strikingly.

    Please contact us on live chat or email us at support@strikingly.com if you have any questions.

  • 2
    Avatar
    Martin Suchan
    Hi, any chance to use the Let's Encrypt project for issuing free domain certificates? It will be available in public beta in December: https://letsencrypt.org/ Ideally I'd like to just click "Enable HTTPS" in my site administration and rest will be done automatically.
  • 1
    Avatar
    Anonymous
    how is this progressing, in comparison to other feature requests? do you have an ETA?
  • 0
    Avatar
    Wxh
    支持https
  • 1
    Avatar
    team
    I am planning to use the combination of gumroad with strikingly and I have been waiting for the SSL cert capability to make a seamless overlay integration. I strongly stated our desire to have this mandatory feature but I am surprised that even after a year, its still being debated.
  • 2
    Avatar
    Jompeame
    I really need this!
  • 1
    Avatar
    Martin Suchan
    Hi, this is a must have feature, more important that any minor UI improvements mentioned elsewhere.
  • 1
    Avatar
    carles
    Hi, this is also jeopardizing our business. Many firms can't go on our website because it is not secure... Can you help us and solve this matter ? Thank you.
  • 1
    Avatar
    James Perkins
    Just to add to the few comments placed. We are also extremely keen for you to develop HTTPS functionality for purchased domains. It looks and we hope it is a priority.
  • 1
    Avatar
    Philippe Boupda
    We share the same remark and concern as Scott Stuart. We have already purchased our domains and we are eager to be able to test the HTTPS functionnality since it is somehow mandatory for our activity.
  • 2
    Avatar
    Scott Stuart
    where are you with this SSL ask?? It's really becoming a BIG issue and customers perceive SSL is needed on homepage regardless if transaction occurs on that page. Most of us have custom domains that were purchased long before Strikingly existed so it doesn't help that your beta is only for sites purchased on strikingly.
  • 1
    Avatar
    Daniel Layne
    While we don't actually transact on our site, even we want SSL for our domain (which we purchased before you guys even existed!). This is my #1 want from Strikingly - your product is amazing but this would give us a big warm feeling inside!
  • 1
    Avatar
    Ross Harling
    ssl is a must have
  • 1
    Avatar
    Alexandre Sieira
    Also, you should allow a site to be HTTPS only, including http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security support and permanent redirects of HTTP accesses to HTTPS ones. Which in my opinion should be the default setting, but then again I'm a paranoid security professional. :)
  • 1
    Avatar
    Scott Stuart
    WHy did i get email saying HTTPS is now being offered for custom domains only to see it's still just a beta for domains purchasef through strikingly! Very annoyiong as we've been asking for this for a while and I got to tell you it's looking more and more that we will switch to another provider as they're everywhere and offer ssl and other necesary things to sell on line. Please address asap!
  • 3
    Avatar
    Felix Mann
    I do not agree with the request being "Completed". My request explicitly states "for custom domains", in my opinion meaning "not purchased through strikingly". Furthermore I explicitly state that I want HTTPS support by "allowing uploading certificates for custom domains". Please re-open the ticket.
  • 2
    Avatar
    DBM
    Please add HTTPS for domains purchased elsewhere. Google is already using SSL as a ranking signal, meaning Strikingly sites are penalized relative to ones hosted at your competitors: http://googlewebmastercentral.blogspot.com/2014/08/https-as-ranking-signal.html Thanks for paying attention.
  • 1
    Avatar
    Felix Mann
    Hi! I got a message telling me that custom domains will be supported soon. While this is great news (it's surely a step forward :)) this won't help my specific case as we have a custom domain. Therefore my request remains unchanged. I'll try to make peers in my area that are using strikingly aware so that they can actually vote for this functionality. Thanks!
  • 2
    Avatar
    Justin Wilcox
    Heads up, I'm actually losing sales because HTTPS isn't supported. I use your Celery integration and a potential customer sent me a note today saying... "when I give my credit card number I always want to se "https" on the address line. I admit I do not understand many of the security issues in the web but exactly because of that I am being very cautious and usually buy a book from amazon rather than a page like this." Would be great if Strikingly supported HTTPS so I didn't have to ask myself, how many other potential customers am I losing out on.
  • 0
    Avatar
    Jennifer Juncaj

    I sent an e-mail to support regarding SSL. My Google Ad Word rep said that I need SSL on my site and also in order to help me with a Google Shop.  Is this not an option on Strikingly?

  • 1
    Avatar
    Jyrki Nivala

    This is becoming urgent issue. Please add custom domain support soon. https://security.googleblog.com/2016/09/moving-towards-more-secure-web.html

  • 1
    Avatar
    Brad Grier

    YES. We need this now. Someone from Strikingly please give us an update??

  • 0
    Avatar
    Shaya Dank

    Hey everyone, I had to switch to Godaddy.com website builder, because strikingly said they couldn't help me as I didn't purchase my domain from them. When you purchase a year of their service, you can have a shop website for about $30 more per year, plus you get a free custom domain and SSL from HTTPS free. Or you can build  regular website for less than strikingly. I hope this helps someone or it leads to strikingly making SSL available to everyone, regardless of where you buy your domain from.

  • 0
    Avatar
    Dave Weatherall

    +1 HTTPS for custom domains is important!

  • 0
    Avatar
    Dave Weatherall
  • 0
    Avatar
    Nick

    Still not solved.  Flexible SSL only encrypts between the user and Cloudflare.  Cloudflare to the site is not encrypted.  Please figure out a way to upload our own certificate and use Full SSL (strict).

  • 0
    Avatar
    Dave Weatherall

    I'm confused. Strikingly, can you comment on this?

    Here's what CloudFlare says;

    • Flexible SSL: secure connection between your visitor and CloudFlare, but no secure connection between CloudFlare and your web server. You don't need to have an SSL certificate on your web server, but your visitors still see the site as being HTTPS enabled. This option is not recommended if you have any sensitive information on your website.
    • It should only be used as a last resort if you are not able to setup SSL on your own web server, but it is less secure than any other option (even “Off”), and could even cause you trouble when you decide to switch away from it

    I wonder if Google ignores "flexible" as a ranking signal for HTTPS.

    Is there a way to upgrade and get the official certificate? If we do it to our sites, we may as well do it properly.

  • 1
    Avatar
    Strikingly Developer

    Google cannot tell if it's "flexible" or not. The insecure connection between CloudFlare and our servers is not visible to Google or any other search engines at all. So it does not affect ranking.

    What kind of "official certificate" are you referring to? If you are referring to your own SSL certificate, it is possible to upgrade on Cloudflare and do so but it's still flexible, which means the SSL cert will be on Cloudflare but not used between Cloudflare and our servers. And the upgrading price of Cloudflare is pretty high.

    We are still trying to figure out a solution to provide full SSL to everyone. Will keep you guys updated for sure.

     

  • 0
    Avatar
    Dave Weatherall

    Thanks for the clarification Strikingly. You are the experts! I am only making assumptions based on what I have read elsewhere so it helps to hear from you.

    You guys told me that this (https://support.strikingly.com/hc/en-us/articles/206058082-Adding-HTTPS-SSL-for-Domain-Not-Purchased-from-Strikingly-using-Cloudflare) was the way to get SSL setup but the flexibility confused me and comments here concerned me. If you guys are working on a way to provide a solution, I am happy to wait for that.

  • 0
    Avatar
    Jonathan

    Maybe you should look into: Letsencrypt to do an automated SSL setup on your servers? I understand you have a complex setup and appointing an SSL certificate per page is not as easy as with a "conventional" hosting system. However, I assume you must have thought of this how SSL can be implemented at some point early on in dev, right? Cloudflare is an okay solution, a little complicated to setup for many users I'm sure, but I do understand when some advanced users would prefer direct SSL support instead of third party relaying. Looking forward to it!

Please sign in to leave a comment.