delsol Posted November 18, 2022 Share Posted November 18, 2022 We recently attached a domain we own to our SquareSpace site and we obviously have a working SSL cert at https://teamchase.life as indicated by the browser lock icon. We also ran an SSL checker just to be sure. However, if a user enters http://teamchase.life in either Chrome or Edge you get the Not Secure warning. Squarespace is a bit different than other sites I manage where I just redirect http to https in the .htaccess with a stanza like <IfModule mod_rewrite.c>RewriteEngine onRewriteCond %{HTTPS} !=on [NC]RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]</IfModule> How can I do that with a SquareSpace site? I couldn't find a setting to ensure that http is redirected to https. Thanks for any advice Link to comment
Solution paul2009 Posted November 18, 2022 Solution Share Posted November 18, 2022 (edited) 1 hour ago, delsol said: We recently attached a domain we own to our SquareSpace site and we obviously have a working SSL cert. However, if a user enters http://... you get the Not Secure warning. Once SSL is working, you should enable HSTS Secure. This will ensure that users can only view the encrypted version, preventing potential attackers from impersonating your site. You should find the setting in Settings > Advanced > SSL > Security preference. It is important to note that you should only enable this once you are sure that your domain is fully connected and SSL (HTTPS) is working correctly on your site. This is because if you disable HSTS later, anyone who visited while HSTS was enabled will be blocked from your site for up to 72 hours. Did this help? Please give feedback by clicking an icon below ⬇️ Edited November 18, 2022 by paul2009 Me: I'm Paul, a SQSP user for >18 yrs & Circle Leader since 2017. I value honesty, transparency, diversity and good design ♥. Work: Founder of SF.DIGITAL. We provide high quality original extensions to supercharge your Squarespace website. Content: Views and opinions are my own. Links in my posts may refer to my own SF.DIGITAL products or may be affiliate links. Forum advice is completely free. You can thank me by selecting a feedback emoji. Buying a coffee is generous but optional. Would you like your customers to be able to mark their favourite products in your Squarespace store? Link to comment
AEmte Posted January 18, 2023 Share Posted January 18, 2023 Hi Paul and Delsol, I'm experiencing a similar problem! I already had HSTS enabled. But the issue I'm experiencing is when I try to enter my portfolio with my bought domain (via Squarespace, https://www.emtemark.com/) on my computer laptop at work. I get the message "not secure" on chrome and safari. However, I can access the portfolio by going via the longer/original link (https://emtemark.ssquarespace.com/). But strangely, when I try the same at home with my work computer it works fine to access my portfolio on the bought domain... Is this a bug since I entered my portfolio on various occasion on my work computer and I just need to clear cache or so? (will need to try it next time in office...) thanks! Link to comment
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment