Jump to content

https://domain works fine but http://domain show "Not secure"

Go to solution Solved by paul2009,

Recommended Posts

We recently attached a domain we own to our SquareSpace site and we obviously have a working SSL cert at https://teamchase.life as indicated by the browser lock icon. We also ran an SSL checker just to be sure. However, if a user enters http://teamchase.life in either Chrome or Edge you get the Not Secure warning. Squarespace is a bit different than other sites I manage where I just redirect http to https in the .htaccess with a stanza like 

<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTPS} !=on [NC]
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]

How can I do that with a SquareSpace site? I couldn't find a setting to ensure that http is redirected to https.

Thanks for any advice

Link to comment
  • Replies 2
  • Views 931
  • Created
  • Last Reply

Top Posters In This Topic

Top Posters In This Topic

  • Solution
1 hour ago, delsol said:

We recently attached a domain we own to our SquareSpace site and we obviously have a working SSL cert. However, if a user enters http://... you get the Not Secure warning.

Once SSL is working, you should enable HSTS Secure. This will ensure that users can only view the encrypted version, preventing potential attackers from impersonating your site.

You should find the setting in Settings > Advanced > SSLSecurity preference.

It is important to note that you should only enable this once you are sure that your domain is fully connected and SSL (HTTPS) is working correctly on your site. This is because if you disable HSTS later, anyone who visited while HSTS was enabled will be blocked from your site for up to 72 hours.

Did this help? Please give feedback by clicking an icon below  ⬇️

Edited by paul2009

About me: I'm Paul, a SQSP user for over 18 yrs and a Circle Leader since 2017. I value honesty, transparency, diversity and good design ♥.
Work: Founder of SF.DIGITAL, providing high quality original extensions to supercharge your Squarespace website. 
Content: Views and opinions are my own. Links in my posts may refer to my own SF.DIGITAL products or may be affiliate links.
Forum advice is completely free. You can thank me by selecting a feedback emoji below. Buying a coffee is optional.

Book paid help with domains: Connect a GoDaddy domain. Connect a Squarespace Domain. Domain assistance

Link to comment
  • 2 months later...

Hi Paul and Delsol,

I'm experiencing a similar problem!

I already had HSTS enabled. But the issue I'm experiencing is when I try to enter my portfolio with my bought domain (via Squarespace, https://www.emtemark.com/) on my computer laptop at work. I get the message "not secure" on chrome and safari. However, I can access the portfolio by going via the longer/original link (https://emtemark.ssquarespace.com/).

But strangely, when I try the same at home with my work computer it works fine to access my portfolio on the bought domain... 

Is this a bug since I entered my portfolio on various occasion on my work computer and I just need to clear cache or so? (will need to try it next time in office...)




Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

  • Create New...

Squarespace Webinars

Free online sessions where you’ll learn the basics and refine your Squarespace skills.

Hire a Designer

Stand out online with the help of an experienced designer or developer.