***ANNOUNCEMENT - The information below is for customers using a custom domain for their Thinkific site. It relates to things as they stand as of May 2017. Our aim is to have every page of a Thinkific site, regardless of whether it has a custom domain, covered by an SSL certificate as of this month. If you have any questions/concerns about what this means for you and your business, please do not hesitate to get in touch***
1. What is an SSL certificate?
Some websites appear with URLs that say 'http' at the beginning, and some appear with 'https' instead. The 's' stands for secure and it implies that any information transferred to this kind of website is much harder to get a hold of.
A website is available at 'https' when it has an SSL certificate applied to it. An SSL certificate ensures the connection is indeed secure, so it can be offered with https.
You'll know that an SSL certificate is present for a webpage because the little green padlock (shown below) will show next to the URL in your browser's address bar.
SSL certificates are offered on a domain basis, so if a website called www.site.com is covered, all parts of that site are secured (sign up form, checkout, content, etc.).
2. SSL certificates for customers using thinkific.com URLs
When you first sign up for Thinkific, you get a course site on what is called a 'subdomain' of our website (e.g. mycoursesite.thinkific.com). Course sites using a thinkific.com URL are completely covered by Thinkific's SSL certificate, which means that all parts of the site are available at https links (landing pages, course content, checkout...everything!) If you have a course site on a subdomain at thinkific.com, you don't need to worry about having an SSL certificate because it's covered by our own one for thinkific.com.
You can link to your course site with URLs beginning with 'https'. If you want all of your course site links to automatically have 'https' in front of the URL, please give us a shout here.
2. SSL certificates for customers using a custom domain
On any paid plan, you can have your Thinkific site available at your own, branded domain (e.g. academy-of-things.com rather than academy-of-things.thinkific.com).
Thinkific's own SSL certificate can only cover sites at thinkific.com so, once you're using a custom domain, most pages of your site are not covered by an SSL certificate.
Important note: Checkout for Thinkific sites is always handled at a thinkific.com URL (see below), meaning that the checkout process for your site is secure even when you're using a custom domain.
3. Help! I'm seeing a warning from my browser when I access my Thinkific site
As long as you don't add 'https' before the URL when linking to your course site, you or your students won't run into any inaccurate browser warnings about your website (e.g. like the one below).
Takeaway from this: If you're on a site that doesn't have an SSL certificate applied to the domain, make sure you're using a URL that begins with http (not https) to avoid scary browser warnings.
4. I'm using a custom domain, but I need SSL across my whole Thinkific site. What do I do?
Important note: The main place that you need an SSL certificate applied is your checkout page because that's where sensitive data (i.e. credit card information) is being transferred. This will always be covered by us for you, on any Thinkific site with any URL (see section 2 above for more info).
5. Alternative options
If you do need SSL across all pages, and the current pricing isn't an option for you, you can always use your external website (with an SSL applied) for your landing pages, additional pages, etc. You can then simply link direct to the secure checkout on Thinkific (here's how) for the payment and course taking pages. (The course content itself is also always secure - more on that here).
And if you're on the Business plan, you can even use a third-party checkout system and link that to your Thinkific site via Zapier (up to 100 users per month). More on that here
We hope this helps! If you want to speak to us more about SSL on your Thinkific site, please don't hesitate to contact us here.
Just checking in...Are you still on track for April 2017 for all thinkific sites (even custom domains) to be covered by an SSL certificate?
Our aim is to have every page of a Thinkific site, regardless of whether it has a custom domain, covered by an SSL certificate as of April 2017
To avoid disappointment, I never like to promise that something will be ready by a certain date (as these things are unpredictable). That said, all is looking well as of right now! For existing customers/sites there will be a migration process, but we will be making sure everyone is kept in the loop, so keep an eye on your inbox/in-app messages for the latest updates :)
Great thanks Catherine
I'm using your thinkific.com (not custom)site as part of my domain but the url information says this site is not secure. The info tells me not to use personal/credit card details so this obviously would scare off any one wishing to buy my courses. Your info above says all our data is secure using the thinkific.com url.... site is http://entrepreneurmums.thinkific.com/courses/money-mindset
Also even this support page does not show any secure site info in the url. why is this so?
Right now, we have people's sites defaulting to HTTP to avoid them seeing any security messages from their browser (which happens when you're visiting a site via an HTTPS link when it doesn't have an SSL certificate applied)
Because you're using a thinkific.com URL, your site is covered under our SSL cert, so you can certainly add the 's' into your site links if you like. Rather than logging in at www.thinkific.com if you always log in at https://entrepreneurmums.thinkific.com/manage that makes it nice and easy for you to make sure you're always on HTTPS.
And when advertising your Thinkific site, simply make sure that you're always using https://entrepreneurmums.thinkific.com.
When you're ready to switch to a custom domain (more on that here), the good news is that we're just about to make it so that there's SSL everywhere, even for customers using custom domains! Keep an eye on our in-app changelog (in the top right of your admin dashboard) for updates!
Any more news about HTTPS support with custom domains? My customers are chomping at the bit! :)
I hear you on that one -
We're in the very final stages of testing this so it shouldn't be too long now!
Keep an eye on our changelog for news, and happy to help if you have any questions at all.
Hi, I'm holding off with a big affiliate until the HTTPS issue is resolved. Will that be announced on the Thinkific Facebook page? And are we still looking at the end of April. My affiliate is ready to go...
The new SSL feature is in the final stages of testing, so it shouldn't be too long now!
We'll be announcing it with an in-app message directly in the admin dashboard, so keep your eyes peeled for that :)
Thank you so much (to all) for your patience with this - we just want to make sure everything is absolutely sound before pushing it live.
We're here to help if you have any questions at all in the meantime.
Is there any update on this? Was this part of the update that happen last Friday?
Sorry for the delay on this! We're very, very close to releasing this feature. We have almost completed testing and should be ready to go soon after. Keep an eye out for any notifications on your admin dashboard!
Hi is this feature (SSL everywhere, including custom domains) live now? thanks -Mike
Yes, this is available now. You can turn on SSL by heading into your Advanced Settings page on your admin dashboard.
Hope this helps.