Here's the concise, value-focused rewrite:

SSL certificates automatically protect all domains correctly pointing to your site, securing connections and preventing unauthorized access to visitor information. Here's what you need to know about SSL certificates and how to manage them effectively.

Requirements for SSL Certificates:

• Squarespace domains (registered or transferred)
• Connected third-party domains
• Subdomains (63 characters or less)
• Built-in domains

Your domain must be correctly connected to receive SSL protection. For third-party domains, verify your DNS records are properly configured.

Checking SSL Status:

1. Visit your domains dashboard and check if certificate status shows "Issued"
2. Check the SSL panel for "Active" status
3. Visit your site to verify the SSL certificate

SSL Settings Options:

Secure (Preferred) - Recommended Default:

• Automatically redirects to HTTPS
• Includes HTTPS links in sitemaps
• Improves SEO through HTTPS indexing
• Requires SSL-compatible browsers

HSTS Secure:

• Recommended when using Secure setting
• Encrypts connections
• Prevents security bypass attempts
• Prevents "Your connection is not private" errors

Insecure:

• Allows both HTTP and HTTPS access
• Uses HTTP links in sitemaps
• Indexes HTTP version in search engines

Technical Specifications:

• Uses Let's Encrypt for Domain-Validated certificates
• 2048-bit SSL encryption (except checkout)
• TLS 1.2 for HTTPS connections
• 90-day certificate refresh cycle
• Automatic certificate issuance

Commerce and Security:

• Checkout pages use 128-bit SSL encryption
• Level 1 PCI compliant
• Secure checkout regardless of site SSL settings
• Custom domains visible in checkout URL (Commerce Basic/Advanced plans)

Mixed Content Handling:

• Update integrations to use HTTPS
• Modify custom code to prevent warnings
• Ensure third-party content uses secure connections

Certificate Verification:

• Look for https:// in URL
• Check for closed padlock icon
• View certificate details through browser settings

Important Notes:

• SSL certificates cannot be disabled
• Subdomains receive separate certificates
• Login credentials are always encrypted
• Certificate updates may take up to 72 hours
• Third-party SSL certificates are not supported

Third-party SSL users must switch to Squarespace's certificate by disconnecting from their current provider and properly connecting through Squarespace's DNS records.

Related Articles

Previous Articles