Once you add your domain name to Avoori, it automatically gets an SSL certificate that protects it and makes the data that is transferred from the website to the browser encrypted. This encryption helps protecting that data, your customers, and yourself.
SSL certifications help your website become more secure and reduce the risk of hacking and of stealing private information from your customers. This guide will help you understand the SSL certificate and why you need it for your website.
How to get an SSL Certificate
In order to get an SSL certificate from Avoori, you need:
- To have bought a domain name from Avoori
- Transferred your domain name to Avoori
- Connected your domain name to a website on Avoori
- Have subdomains
If you have any of what is mentioned above, then you’ll get an SSL certificate for your website. To make sure your website is eligible for an SSL certificate on Avoori, here’s what you need to consider:
- If you have a third-party domain that you haven’t transferred, then make sure it’s connected correctly by following our connecting your domain guide. View your DNS records and follow the steps in order to connect it correctly.
- If you have an Avoori domain, then you should connect it to an Avoori website. If You have a website elsewhere, then, in that case, contact that website hosting provider.
SSL and Commerce checkout
If you have an online store on Avoori, then you should know that all of the credit card information and checkout pages information is protected by your SSL certificate.
The checkout page on your website is absolutely secure even if you’re using the insecure SSL settings on your website. An Avoori website is automatically secure thanks to our hosting and our security team that keeps monitoring different websites every now and then.
If you think your website might not be secure, then you can always content our customer service in order to discuss your concerns.
Custom code and SSL warnings (mixed content)
If you have some pages on your website that load on different connections, meaning if one of your content loads on an HTTPS connection, and another content loads over an HTTP connection, then your page might be insecure.
This insecure content can come from different things like integrations, custom codes, or code-based customizations. If your website has this kind of insecure content, then make sure to load your website on an insecure SSL setting this way visitors won’t get a warning message.
If you choose a secure SSL setting, a warning message will show up to users because you have some content that loads on HTTP.
Check a site’s SSL certificate
If you’re trying to check if a website is secure or not, then you can do it by checking if they have an SSL certificate. Checking this is very easy, all you have to do is check the website’s URL and see if it starts with https://.
If the website’s URL has https in it, then it means it has an SSL certificate. Another way to check it is by looking if next to the website’s URL on your browser, there is a padlock icon. If there is a padlock icon, then that means the website is secure, if not, then it means it’s not.
You can also check the details of the SSL certificate in a lot of browsers including Google Chrome and Firefox. You can check information related to the authority that issued the SSL certificate, for how long it’s valid, and so on.
There are a lot of technical details you should be aware of when it comes to the SSL certificates we issue. Here is what you should know:
- We issue SSL certificates automatically after you connect your domain name to your website. You don’t need a certificate signing request with Avoori
- We provide a 2048-bit SSL encryption on all of your website’s pages except checkout
- We currently don’t support HPKP which is shot for HTTP Public Key Pinning
- We provide a TLS version 1.2 for all HTTPS connections
Third-party SSL providers
On Avoori, there is no support for third-party SSL certificates. Your domain name can only support our SSL certificate, so, if you have any other SSL certificate, you’ll have to switch to Avoori’s.
If you want to switch to Avoori’s SSL certificate, then here’s what you need to do:
- Disconnect your domain name from the SSL certificate provider.
- Connect your domain name or transfer it to Avoori.
- Once your domain name is fully transferred or connected, we’ll issue your SSL certificate.
What is SSL?
SSL stands for Secure Sockets Layer and it’s a technology that enables the information that goes in from your browser to your website and vice versa to be protected and secure. It’s an important certificate that now almost all browsers prefer and now websites who don’t have it are considered unprotected.
Websites who have an SSL certificate all start with HTTPS in their URL and have a padlock icon next to their website URL.
What are the benefits of SSL?
Having an SSL certificate is very beneficial for all kinds of websites. Here are some benefits you could get by having an SSL certificate:
- It helps with your website’s SEO and your visitor’s experience
- It makes your website more secure and prevents the leaking of the private information of your users and visitors
- It makes it harder for hackers to access the private data of your users
- It makes your website look more trustworthy and helps you gain your visitors’ trust
- It can in some cases help your website load faster.
Can I disable SSL?
No, it’s not possible to disable your SSL certificate. Your SSL certificate comes automatically with your website’s domain name and it’s an important factor in your SEO and visitor experience. But, you can still choose to get the insecure version of the SSL certificate in order for a visitor to get an HTTP version of your website.
Will SSL slow down my site?
Generally speaking, your SSL certificate is not supposed to slow down your website. It takes browsers a few seconds to authenticate your SSL certificate but it won’t make a difference in your website’s load time. If you notice that your website is slow because of the SSL certificate, then you can read the troubleshooting steps in order to help out.
Does SSL work for subdomains?
Yes, Avoori does generate an SSL certificate even for subdomains. You can get an SSL certificate by connecting your subdomain to your website whether it’s the version with WWW or the version without it.
Make sure to connect all of your subdomains to your website in order for all of them to have an SSL certificate and in order for them all to redirect to your website.
Do I need to set my SSL to “Secure” to keep my account details private?
No, whatever version you choose of your SSL certificate, your account details will still be private. Your account’s details won’t be accessible by anyone. In order to log in to your account, you’ll always have to enter your logins and will be redirected to a secure session before that.
If you’re having trouble with your SSL certificate, then please visit our guide about troubleshooting SSL in order to help you out.
Choose SSL settings
If you have chosen a domain name and connected it to a website on Avoori, then you should know that an SSL certificate is automatically enabled on your website.
In order to choose your website’s SSL settings, here’s what you need to do:
- Go to your home menu, go to settings, click advanced
- Click on SSL
- Go to your security preferences, and choose the settings you want (we personally recommend choosing the Secure version of your SSL certificate for more protection, but in some cases, you might need the insecure version)
- Click on Save
It might take some time before these changes are saved on your website especially if your domain name is owned by a third-party.
SSL settings explained
The secure version of your SSL certificate is the one you get by default when connecting your domain name to your website on Avoori. It comes with the HSTS setting enabled.
A secure version means your visitors will all be redirected to the HTTPS URL of your website even if they want the HTTP version. It also means that your sitemap will only include HTTPS links from your website and search engines will only index the HTTPS version of your website. Your website will also not be able to load on browsers that don’t support SSL.
If your website includes different custom codes, injected codes, different embeds from third-parties, and all sorts of mixed content, then you might want to use the insecure version. The insecure version will allow visitors to use your website on the HTTP version even if your SSL certificate is enabled. Your visitors can also access your website on an HTTPS URL. Your sitemap will include the HTTP links and search engines will index them as well.
The HSTS on your website is important as it serves as an extra layer of protection for your website. Keeping it is very important as it encrypts the connection further and helps to protect your personal data and information.
Here are other guides to help with your account’s security: