Webflow SSL Hosting

Hi @brryant me again being a bother… Any updates? Almost 2 months since “working” and “stay tuned”. Really need this.

+1 on SSL. Is there a timeline for this? Thanks

getUserMedia() no longer works on insecure origins. To use this feature, you should consider switching your application to a secure origin, such as HTTPS. See Deprecating Powerful Features on Insecure Origins - The Chromium Projects for more details

No official timeline, but I can tell you that we’re very close - so close in fact that a number of my domains that are pointed to webflow are being served with SSL and it is working well in my testing thus far :smile:

At this point we are primarily working on the finishing touches / testing, and expect to have it launched as soon as we get all the kinks ironed out!

10 Likes

+1 on this request. SSL is a must-have !

1 Like

That is amazing @nathan ! Thanks a lot for the update! We have been really looking forward to this for months!

1 Like

Hi everyone! Want to help us beta test our SSL feature? Sign up here:

1 Like

Don’t go/recommend cloudflare as it’s not end-to-end encryption. It’s encrypted from client to Cloudflare then in the clear from Cloudflare to your public webflow site. So don’t be fooled by the green shield/tick. Use your domain.webflow.io domain with https at the start - https://shoosh-monkey-it-solutions.webflow.io . Works a treat.

Hi @chiefmonkey, thanks for the comment. One note, this works for webflow.io sub-domains, but I think most of the people wanting this feature, wishes to use it with a custom domain.

When using https with a custom domain (with no ssl) will raise the unsecure warning message in Chrome. Just a note to keep in mind.

SSL is coming sooon :slight_smile:

Hey @cyberdave, yes you are correct for both points and the sooner we get hosted ssl support the better but I just wanted people to be aware that the cloudflare workaround isn’t complete security end to end (50% secure ain’t secure), just because it shows the green secure shield doesn’t mean it’s secure and I wouldn’t take sensitive information via that method. Your only doing them and your brand a disservice by fooling them, I’m not saying that bad people are sitting there sniffing all the packets going from Cloudflare to webflow but you just don’t want to risk it. My solution isn’t pretty but it’s end to end encrypted. Thanks.

Hi @chiefmonkey, thanks yes, you are correct, the flexible ssl solution from cloudflare is not encrypted ete, and since it is not a service provided by Webflow, we do not support that.

It is not something we advertise nor promote, it is just another option for people with custom domains to look at :slight_smile:

Thanks @PixelGeek ! Been beta testing SSL for a couple of days now with no issues!

1 Like

I am embedding script with an app which points to a https
chrome and firefox give warning, explorer just nothing …
signed up for the SSL Beta. Do you know how long it takes to be set up??

(I am in a beta)
$5 a month for free api call on let’s encrypt?! Are you guys sure?
This fee looks exorbitant to me.

You should offer it for free (or you know, “practically free”, it’s a shame that you have 1 non-ssl page on your platform in this day and age.

Hope you change your mind before beta ends, otherwise, i will have to relocate my domains.

Hi @PixelGeek we started having issues in Firefox (attached screenshot) all other browsers seem to work fine.

Hi @jalagrange - looks like everything is working now:

Might be a weird glitch with the cert authority.

(I am in a beta)
My naked domain is not encrypted.

I am bummed because this is how i usually send the links around (without www).

My “www” domain works fine.
check status returns;

check status on naked domain, return this;


(i did change from proxy.webflow.com to proxy-ssl.webflow.com)

Am I missing something, or is not supported jet?

Best,
Luka

Just a heads up as far as credit card processing… SSL 2 + SSL 3 is no longer a PCI compliant secure way of processing payments online or over the internet. It is being ousted as of June 30th 2016 I believe.

TLS Transport Layer Security is now the standard for PCI security council guidelines… It is possible to utilize a 3 step redirect through a payment gateway though to stay outside the scope of PCI and capture the data using TLS outside your internal website and server.

This first link shows a diagram and has an explanation how the 3 step redirect will avoid touching the internal server to process a payment and keep the sensitive cardholder data secure through the payment process. I Also attached a link to the PCI Security Standards blog explaining the migration. This is a council put in place by the payment industry that oversees cardholder security. Here is also a link from Cloudflare showing the standards. I would say just make sure if you are using Cloudflare to ask them what the free certificates security level offers and if you are creating a site to accept payments you should utilize either a 3 step redirect through a payment gateway and or make sure you have the proper TLS Certificate integration with your website.

https://support.cloudflare.com/hc/en-us/articles/205043158-PCI-3-1-and-TLS-1-2

1 Like

+1 for SSL hosting on custom domains!

  • 1 for SSL hosting.

This will dramatically help on our SEO work with the new phantom upgrade that just arrived.
It is crucial to be able to add the SSL before we start getting to many links so we don’t need to convert.

Any updates and when it will be implemented on custom domains?

T

3 Likes

Well, I am testing SSL, and needless to say it works just fine and flawlessly,

Now on to the seriousness of the robery that is going on…

WEBFLOW is using “Letsencrypt” to provide SSL services to all of us…

Letsencrypt is a free automated service, this means that webflow does not need to do any upkeep or maintenance for you to keep your certs active.

Letsencrypt is free to webflow and in turn also free for you to use on any website in the world…

Webflow wants to charge you $5 USD a MONTH!!! to use this free service,

Furthermore, (Letsencrypt) created this service to provide it as a free service to people and web developers. There only intention is to provide FREE ssl to the world.

If Webflow had any integrity they would allow this service to be 100% free to all users… ESPECIALLY any users who pay for a PRO account.

When I checked the cert on my website and saw that it was from LETSENCRYPT I almost lost my marbles…

Not to mention, I can buy a paid cert for $3 a year with the same 256bit encryption.

This is absolutely internet robbery and webflow should be ashamed of what they are doing here.

Its really sad, I really wanted to use webflow because its nice and easy to use, but it looks like I will be exporting all of my customers websites and hosting them on cloudways with its free offering of “letsencrypt” and just as fast servers and using drupal and wordpress for CMS websites.

To end this, Letsencrypt was made to be a free service… are they even aware that you are charging for it? They might seriously lock you guys out if they knew what you where doing here.

Make it free and right this wrong.

Maybe you can make it up to us.

Regards,
Kyle

1 Like