How Do I Secure my Landing Page Domain with SSL?

Follow

Everyone is looking to keep their information more secure. Luckily, Secure Socket Layer (SSL) is a security technology that ensures all data passed between the web server and the browser remains private.

Enabling SSL is available on all Unbounce plans. Rest assured, the 'http' version of your domain - and corresponding landing page(s) - will still be available even if you've enabled SSL on your custom domain.

This article will explain how to enable SSL on your domain in the Unbounce Conversion Intelligence™ Platform.

Before Enabling SSL on Your Domain

Before you enable SSL, you'll want to double-check that your pages don't consist of any content that isn't secure. 

If you have content on your page that is not secure, your page visitors may notice mixed content warning messages, which may impact your page's performance.

Navigate back to your page - in the Classic Builder or Smart Builder - and verify that all additional sources & assets pull from SSL-secure servers only. 

Here are some examples of what to double-check:

  • Lightboxes pull from secure sources (this applies to pages built with the Classic Builder).
  • Background image URLs in custom CSS are hosted on an 'https' server.
    • For example, be sure that the image URL is https://example.com/backgroundimage.jpg and not http://example.com/backgroundimage.jpg.
  • Any custom JavaScript, CSS, or iframes (HTML), embedded on your page directly or via Script Manager, render on an 'https' server and not 'http.' The following are examples of secure URLs:
    • <link rel="icon" type="image/png" href="https://example.com/myicon.png">
    • <link href="https://example.com/styles.css" rel="stylesheet">
    • <iframe src=”https://example.com/iframe.html”>
    • <script type=”text/javascript” src=”https://example.com/script.js”></script>

Be sure you retrieve these embedded and referenced URLs from SSL-secure servers. 

What to Do if Your Page Includes Content That Is Not Secure

Replace all embedded and referenced URLs with 'https' versions instead 

As mentioned above, retrieve these embedded and referenced URLs from SSL-secure servers: 'https.' 

This is the best solution if you intend to always use your landing page's secure version in your campaigns. 

 

Protocol-Less Workaround (if you're feeling tech-savvy)

If (and only if) your host provides an 'http' and 'https' version of your page, one workaround is to change the path from a non-secure URL to a protocol-less URL.

For Example:

http://example.com/asset.ext would become //example.com/asset.ext.

 

Publish and share the 'http' version of your page

While it is ideal and recommended to share and publish the secure version of your landing page, Unbounce serves both 'http' and 'https' landing pages on all subscription plans.

It's entirely up to you which version you want to use for your campaign.

Although non-SSL landing pages are by no means "unsafe," the automated warning messages that pop up might cause your page visitors to worry. 

So, if you notice mixed content warnings and errors, simply return to the source of your traffic (e.g., your ad URL, or the URL listed in your email or social campaign) and switch your URL back to 'http.'

Enabling SSL on Your Domain

If you would like to ensure the secured ('https') version of your pages render for all your visitors, follow these steps:

  1. Navigate to the Domains tab on the left-hand side of the Unbounce Conversion Intelligence™ Platform.
  2. Toggle the Force' https' on all non-WordPress domains button on the top-right corner of the page:
    Annotated image of steps 1 and 2; the toggle button to enable SSL at the top-right hand corner of the Domains tab is highlighted in blue

You're all set! Give the SSL a few moments to propagate, and your pages will load as SSL-secure.

If you have some trouble seeing these changes right away, refresh your browser cache & history, or test your page in an Incognito window. 

SSL and Customer Experience

SSL-secured domains let your page visitors know that they are visiting a domain where any information they share will exist on a secure & encrypted server. 

When visitors see a green padlock and an 'https' web address in the URL field, it's a visual cue that the landing page has enhanced security:

Green_Padlock_and_HTTPS.png

Frequently Asked Questions

Can I enable SSL on unbouncepages.com domains?

At this time, you can enable SSL with:

  • your own custom domain, or
  • with Unbounce's built-in ubpages.com domain

The unbouncepages.com domain is not SSL-secure. 

To quickly connect your pages to a domain that's SSL secure, check out our documentation on the ubpages.com domain: Adding a Custom ubpages.com Domain

Or, follow these steps to connect your custom domain to Unbounce: Connecting your Domain in Unbounce

Is SSL available with my Unbounce Subscription? 

SSL is available on all current plans and all legacy plans. 

Can I use my own SSL Proxy, such as Cloudflare?

Certain SSL proxies can be quite intense as they can also block your landing page content from loading within the browser, or disrupt the CNAME configuration for your custom domain. It's best to remove any custom SSL proxies if possible.

As for Cloudflare, this works great as a domain provider! But when the Cloudfare proxy is enabled, it can block & disrupt Unbounce's CNAME record detection and prevent SSL enabling. Do remove the Cloudflare proxy if possible.  

Helpful Resources 

Enabling SSL on WordPress Domains

Connecting your Domain in Unbounce

Why Should I Connect my Domain?