Jump to content

https://domain works fine but http://domain show "Not secure"

By delsol, in Getting Started With Squarespace

Go to solution Solved by paul2009,

Recommended Posts

delsol Level 2

delsol

Posted
Posted

We recently attached a domain we own to our SquareSpace site and we obviously have a working SSL cert at https://teamchase.life as indicated by the browser lock icon. We also ran an SSL checker just to be sure. However, if a user enters http://teamchase.life in either Chrome or Edge you get the Not Secure warning. Squarespace is a bit different than other sites I manage where I just redirect http to https in the .htaccess with a stanza like 

<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTPS} !=on [NC]
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]
</IfModule>

How can I do that with a SquareSpace site? I couldn't find a setting to ensure that http is redirected to https.

Thanks for any advice

Link to comment
  • Replies 2
  • Views 885
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

  • Solution
paul2009 Level 18

paul2009

Posted
  • Solution
Posted (edited)
1 hour ago, delsol said:

We recently attached a domain we own to our SquareSpace site and we obviously have a working SSL cert. However, if a user enters http://... you get the Not Secure warning.

Once SSL is working, you should enable HSTS Secure. This will ensure that users can only view the encrypted version, preventing potential attackers from impersonating your site.

You should find the setting in Settings > Advanced > SSLSecurity preference.

It is important to note that you should only enable this once you are sure that your domain is fully connected and SSL (HTTPS) is working correctly on your site. This is because if you disable HSTS later, anyone who visited while HSTS was enabled will be blocked from your site for up to 72 hours.

Did this help? Please give feedback by clicking an icon below  ⬇️

Edited by paul2009

About me: I'm Paul. A SQSP User for 18 yrs, I joined Circle when it launched in 2016 and have been a Circle Leader since 2017. I value honesty, transparency, diversity and good design ♥.
Work: Founder of SF.DIGITAL, providing expertise and extensions to supercharge your Squarespace website. 
Content: Views and opinions are my own. Links in my posts may refer to my own SF.DIGITAL products or may be affiliate links.
Forum advice is free. You can thank me by clicking one of the feedback emojis below. Coffee fuels my work.
Book paid help with a Squarespace Domain

Link to comment
  • 2 months later...
AEmte Level 1

AEmte

Posted
Posted

Hi Paul and Delsol,

I'm experiencing a similar problem!

I already had HSTS enabled. But the issue I'm experiencing is when I try to enter my portfolio with my bought domain (via Squarespace, https://www.emtemark.com/) on my computer laptop at work. I get the message "not secure" on chrome and safari. However, I can access the portfolio by going via the longer/original link (https://emtemark.ssquarespace.com/).

But strangely, when I try the same at home with my work computer it works fine to access my portfolio on the bought domain... 

Is this a bug since I entered my portfolio on various occasion on my work computer and I just need to clear cache or so? (will need to try it next time in office...)

 

thanks!

 

Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Sign Up / Login
Go to topic listing
×
×
  • Create New...

Squarespace Webinars

Free online sessions where you’ll learn the basics and refine your Squarespace skills.

Upcoming Webinars →

Hire a Designer

Stand out online with the help of an experienced designer or developer.

Get Matched →

Support

Community

Developers

Resources