SilkStart provides an SSL certificate to all of our customers for free through Let's Encrypt to ensure that member data, payment details, and other sensitive information can be securely submitted through your website.
In this article:
- What is an SSL certificate?
- Why is this important?
- Is my SilkStart site secure?
- How does SSL affect me?
SSL is an acronym for Secure Sockets Layer, an encryption technology that was created by Netscape. SSL creates an encrypted connection between your web server and your visitors' web browser allowing for private information to be transmitted without the risk of eavesdropping, data tampering, or message forgery.
SSL certificates are used on websites to secure actions that would otherwise carry a risk for sensitive data to be stolen, such as payment processing, or creating a new member account and password.
You can tell if a website is secured by an SSL certificate if the URL in your address bar begins with HTTPS - the "S" denotes a secure connection. Otherwise, the URL will just begin with HTTP (not secure). Many browsers now show the URL in green or show a green lock icon to confirm you are connecting securely. Below is a screenshot of an SSL-secured website in Google Chrome.
The primary purpose of an SSL Certificate is to initiate a secure connection between a website's server and the visitor's internet browser. Once a secure connection is established, all information passed online between the website and the visitor will be kept private, ensuring it reaches the correct destination server without being intercepted. This is comparable to an envelope being sent through the mail, as the envelope protects the information inside until it reaches its recipient.
In addition, Google Chrome has gradually made changes to what information website visitors see when viewing a website without an SSL certificate, and has begun ranking sites higher in their search results if they have an SSL certificate.
Yes! - SilkStart provides an SSL certificate to all of our customers for free through Let's Encrypt.
This provides the safest online experience for you and your members, while ensuring your website can rank well in search results.
Every SilkStart customer already enjoyed a strong level of site security for free with SilkStart’s built-in SSL certificate, achieved by occasionally redirecting users to the secure SilkStart domain (https://yoursite.silkstart.com). This new update ensures that all pages, whether on your SilkStart domain or custom domain, are accessed securely.
What is "Let's Encrypt"?
Let's Encrypt is a free, automated, and open Certificate Authority. It is an open-source project provided by the Internet Security Research Group.
Let's Encrypt allows SilkStart to generate an SSL certificate for each individual customer website, and to automate the process for replacing it when it expires. This means that there are no complicated steps involved in replacing an expired certificate.
If you have already purchased your own custom SSL Certificate:
If your site already has an SSL certificate that was purchased and installed for you by SilkStart's developers, your certificate will not be interrupted by this update, but you may wish to change to the free Let's Encrypt option when your certificate is due for renewal. The new update has only added SSL certificates to all SilkStart customers who did not already have one installed.
If you do wish to make a change to the Let's Encrypt option, we recommend doing so when your existing certificate is approaching its expiry date. If you're not sure when that is, you can find out using a tool like this one. Put your SilkStart site's custom domain in the search box, and look for the date under "SSL Certificate expiration". Please let us know at least 2 weeks before your certificate expires if you want to transfer to a Let's Encrypt SSL certificate, so that we can ensure a smooth transition.
If you have not purchased your own custom SSL certificate:
As a result of our update, our developers have installed an SSL certificate for you on your site. You can check this by going to your website, and changing http to https in the URL. All of the pages on your site will now use the https version of the URL by default. No change is needed for you to update anything on your website. Any links that already exist will automatically be updated to use the secure connection. SSL certificates have expiry dates, and your free Let's Encrypt SSL certificate will automatically be renewed, so you don't have to worry!
If your site is not launched yet:
During account setup, your connection is secured by SilkStart's own SSL certificate. You can access your site via https://yoursite.silkstart.com, and this uses a secure connection.
Once your setup is complete and your custom domain is pointing at your SilkStart site, we will also set up an SSL certificate for your site's custom address using Let's Encrypt. This change has to happen after your custom domain has been set up, so we recommend that you give us a heads up in advance - that way we can do the prep work early. There will be a brief window when your custom domain is up but your SSL certificate is not yet; during that period your site will revert to your .silkstart.com address for secure functions like logging in and making payments. With advance notice, the turnaround time for getting your SSL certificate up is typically one day. SSL certificates have expiry dates, and your free Let's Encrypt SSL certificate will automatically be renewed when the expiry date is approaching.
What are my other options?
We recognize that some associations may not be comfortable using an open-source project like Let's Encrypt for this purpose, so we will continue to offer the option of purchasing an SSL certificate through a different Certificate Authority at cost. Please contact us for more information about the costs and timeline for purchasing your SSL certificate elsewhere.