SSL certificates automatically protect your domain connections on Squarespace, preventing security breaches and data theft. Here's what you need to know about SSL certificates and settings:

Automatic SSL Protection

• All correctly pointed domains receive free SSL certificates
• Applies to Squarespace domains, third-party domains, subdomains, and integrated domains
• Requires proper domain connection and configuration
• Domain names must be under 63 characters

SSL Settings Options

1. Secure (Recommended):

• Redirects all traffic to HTTPS
• Includes HTTPS links in sitemaps
• Improves SEO through HTTPS indexing
• Requires SSL-compatible browsers

2. HSTS Security:

• Encrypts connections
• Prevents site impersonation
• Eliminates "Your connection is not private" warnings
• Recommended with Secure setting

3. Unsecure:

• Allows both HTTP and HTTPS access
• Maintains HTTPS links in sitemaps
• Search engines index HTTP version
• May cause temporary access issues when switching from HSTS

Commerce and Checkout Security

• Checkout pages use 128-bit SSL encryption
• Compliant with Level 1 PCI standards
• Always secure regardless of site SSL settings
• Custom domains visible in checkout URL for Commerce plans

Technical Specifications

• Uses Let's Encrypt DV SSL certificates
• 90-day certificate renewal cycle
• 2048-bit encryption (except checkout)
• TLS 1.2 protocol for HTTPS
• Automatic certificate generation

Verification and Troubleshooting

To verify SSL protection:

• Look for "https://" in URL
• Check for padlock icon in browser
• Certificate details viewable in browser settings

Important Notes:

• Cannot disable SSL certificates
• Third-party SSL certificates not supported
• Custom code may cause mixed content warnings
• Setup changes may take up to 72 hours
• Subdomains receive separate certificates

By following these guidelines and maintaining proper SSL settings, you'll ensure optimal security for your website and visitors.

Related Articles

Previous Articles