SSL hosting
Use SSL (secure socket layer) to establish an encrypted link between a web server and a browser.
SSL (secure socket layer) is the standard method for establishing an encrypted link between a web server and a browser. It ensures that all data passed between the web server and browsers remain private and integral, so you and your site’s visitors can be sure your information is safe.
Important: Sites that don’t use SSL will be labeled “not secure” by some browsers, strongly discouraging people from visiting your site. Sometimes, your site may be loaded on HTTPS and still show “not secure” warnings. Learn how to troubleshoot these website security issues.
In this lesson, you’ll learn:
- The benefits of Webflow SSL
- How to enable SSL hosting
- How to disable SSL hosting
- How to upload a custom SSL certificate
The benefits of Webflow SSL
- Earn Google’s trust and improve your SEO
- Have complete end-to-end encryption between your website and your users
- Safely run an ecommerce store on Webflow with dynamic embeds
Features of Webflow SSL
- End-to-end SSL security between Webflow servers and your websites
- Automatic SSL delivery for HTML/CSS/JS and all images
- Optimized SSL certificates for maximum compatibility
- Instant-on with no setup required
Need to know
- You do not need to generate a CSR. We handle all of that for you. To set up SSL, all you need to do is turn it on in your Site settings.
- Webflow doesn’t support named certificates at this moment
- At the moment, only Enterprise customers can use a certificate purchased from another SSL certificate provider
Note: Webflow SSL hosting certificates are automatically renewed when the old one expires, as long as the DNS records are continuously pointed to Webflow and the site is loading on Webflow SSL hosting servers. The certificates are not set to renew in advance, so your monitoring tool may report warnings if you configured it to warn when the certificate is not installed in advance. Keep in mind, Webflow does not automatically renew custom SSL certificates. You are required to manually update your custom SSL certificate before it expires.
How to enable SSL hosting
As of 14 November 2018, SSL is enabled by default on all new Webflow sites. However, if you disabled SSL and want to re-enable it, you can do so in Site settings.
To enable SSL hosting on a site:
- Go to Site settings > Publishing tab > Advanced publishing options
- Toggle Enable SSL “on”
Important: Each time you disable or enable SSL on a Webflow-hosted site, you’ll need to update your DNS records to ensure that your site works correctly.
How to disable SSL hosting
You can switch SSL off, but we recommend against doing so. Sites that don’t use SSL may be labeled “not secure” by some browsers, strongly discouraging people from visiting your site.
To disable SSL hosting on a site:
- Go to Site settings > Publishing tab > Advanced publishing options
- Toggle Enable SSL “off”
Note: For security, you cannot disable SSL on sites with Ecommerce or User Accounts enabled.
How to upload a custom SSL certificate
To provide increased flexibility when setting up your hosting, you can upload your own custom SSL certificates to your site.
Note: Custom SSL certificate uploads are only available for Enterprise customers. Contact our sales team for more information.
How to obtain a custom SSL certificate
You’ll need to obtain your custom SSL certificates from a third-party service, since Webflow does not issue custom SSL certificates.
When obtaining your custom SSL certificate from a third-party service, you’ll typically follow these steps:
- Generate a Certificate Signing Request (CSR) and private key. This can be done through online CSR generators or in a local development environment with various tools, such as OpenSSL. Keep a secure copy of your private key — you’ll need it for Webflow installation later.
- Choose a Certificate Authority (CA) (i.e., a trusted entity that issues SSL certificates). There are many CAs available, both commercial and free.
- Provide your CSR to the CA. When you purchase or request a certificate from a CA, they’ll typically ask for your CSR. You’ll need to copy and paste the contents of the CSR file, or upload the file itself to their website.
- Complete any domain ownership steps and additional verification steps. Depending on the CA and certificate, you may need to verify that you own the domain for which you’re requesting the certificate. This can be done through various methods, such as email verification or DNS record creation. You may need to provide additional documentation or undergo more rigorous validation processes, especially for extensive certificate types.
- Receive and download the SSL certificate. Once your request is approved, the CA will issue your custom SSL certificate. They’ll provide you with the certificate files. Download these and install them in Webflow according to the instructions below.
How to add a custom SSL certificate
Note: Although your site will use a custom SSL certificate, you’ll still need to configure Webflow’s SSL settings on your site. Make sure you enable SSL hosting and update your DNS records for SSL hosting.
First, open Site settings:
- Go to your Dashboard
- Locate the site to which you want to add the custom SSL certificate
- Click the “3 disclosure dots” to open the site options menu
- Click Settings
- Check the name and subdomain of the site in the General tab to make sure you’re in the correct site’s settings
Next, add your custom SSL certificate to your site:
- Go to Publishing tab > Custom SSL certificates
- Click Add Certificate
- Add your site’s domain name to the Domain field (e.g., “yourdomain.com”)
- Copy and paste your full certificate chain (RSA PEM format) into the SSL certificate chain field (e.g., place your domain or leaf certificate first, and include any intermediate or root certificates after your domain or leaf certificate). If you have multiple files, first paste your domain or leaf certificate (e.g., “certificate.crt”), then include any intermediate or root certificates (e.g., “ca_bundle.crt”) after your domain or leaf certificate in the same field. Separate each file by a line break.
- Copy and paste your private key into the Private key field (it must be an unencrypted PKCS#8 private key with the header “BEGIN PRIVATE KEY”)
- Click Add custom SSL certificate to add the custom certificate to your site
Note: A single certificate may have multiple domains on it. If you need to apply multiple domains to your certificate, you will need to upload the certificate multiple times — once for each domain. For example, you may have 1 certificate and need to apply it to example.com and www.example.com. In this case, you will need to add the certificate 2 times — once for example.com and once again for www.example.com.
How to update a custom SSL certificate
If you choose to add a custom SSL certificate to your site, you are required to manually update your certificate before it expires.
To update your custom SSL certificate, first open Site settings:
- Go to your Dashboard
- Locate the site to which you want to add the custom SSL certificate
- Click the “3 disclosure dots” to open the site options menu
- Click Settings
- Check the name and subdomain of the site in the General tab to make sure you’re in the correct site’s settings
To delete your original custom SSL certificate and replace it with your updated version:
- Click the Publishing tab > Custom SSL certificates
- Click Delete next to the certificate that you want to delete
- Add your updated custom SSL certificate to your site