HTTPS Encryption / SSL Option for all Packages - SEO Best Practice

Now that Chrome has been updated to basically shame websites that are not secured, it would be good to have the option to purchase and enable HTTPS/SSL for any paid site since this is a best practice for SEO. I saw in another community post that there are no plans at this time to make this option available for anything below the Business package but I hope that is reconsidered if there is enough user support. Weebly is a great platform and keeps getting better, but it would be unfortunate to have to accept that using Weebly means that you will not be able to adhere to certain SEO best practices.

 

For reference, here is the post from the Google Webmaster Central Blog back in 2014: HTTPS as a ranking signal

  • best practices
  • SEO
  • SSL
  • best practices
  • SEO
  • SSL
Comments

Hi

 

At the moment the only way to get ssl encryption is with the business plan, but if you don't need those features, it's quite expensive!

 

A few weeks ago my hoster introduced the free certificates from Let's Encrypt. I think the future of the internet is encrypted and therefore the other plans should also get the ssl option.

 

https://en.wikipedia.org/wiki/Let%27s_Encrypt

 

Greetings from Switzerland

Hello @Lunchgate !

 

While there's a dedicated SSL certificate that comes with the Business plan, transactions on the other plans are still SSL encrypted.  They just use Weebly's own checkout system and process through checkout.weebly.com rather than directly integrated with the site.

 

We don't recommend that an entire site be SSL encrypted beyond the the checkout portion unless there is some compelling reason to do so.  One reason is that many sites have some page components that are drawing information from elsewhere (like a blog or photo feed, for example) that may not be SSL secured, in which case there might be a security conflict and the HTTPS would be crossed out and in red, and the browser may issue a security warning.

 

There's not a way to apply an SSL certificate obtained elsewhere to a Weebly site.

One would expect to have access to ALL of the Weebly Business functions they had access to and are paying for prior to choosing to use the SSL certificate provided with the Business package. Since this has affected three websites designs in my world now, a couple suggestions to consider: 

 

1) Be very upfront about the Weebly features that will not work when the HTTPS/SSL certificate is enabled.

2) Don't offer features that will not work when HTTPS/SSL secure.

3) Source new options to replace the Weebly features that will not work when HTTPS/SSL secure.

 

I have loved getting to know and working with Weebly for four websites now. Your customer service (although the last month has been slower response times) has been pretty phenomenal and is one of the main reasons I continue to work with Weebly. Keep up the great work and I look forward to seeing you continue to strive for betterSmiley Happy

 

Jenn

 

Hi Petey

 

Thanks for your answer :-)

 

I know there might be security issues, if you embed non ssl sources on a ssl website. That's why the SSL/TSL option actually needs to be switched on or of.

 

But I'm sure, it's also only a question of a short time, until ssl encryption will be standard in the web. If you embed videos from Youtube or Vimeo or maps from Google maps the embedcode already contains the source as https:// and there will be more and more.

 

As you can read on the linked Wikipedia page, the goal of Let's encrypt is making the whole Internet encrypted:

The project aims to make encrypted connections to World Wide Web servers ubiquitous.[4] By getting rid of payment, web server configuration, validation emails and dealing with expired certificates it is meant to significantly lower the complexity of setting up and maintaining TLS encryption.[5] On a Linux web server, execution of only two commands is sufficient to set up HTTPS encryption, acquire and install certificates within 20 to 30 seconds.[6][7]
To that end, a software package was included into the official Debian software repositories.[8][9] Current initiatives of major browser developers such as Mozilla and Google to deprecate unencrypted HTTP are counting on the availability of Let's Encrypt.[10][11] The project is acknowledged to have the potential to accomplish encrypted connections as the default case for the entire web.[12]

 

And also Google favor encrypted websites:

[...]We want to go even further. At Google I/O a few months ago, we called for “HTTPS everywhere” on the web.[...]We've seen positive results, so we're starting to use HTTPS as a ranking signal.

 

So i'm sure, the question is not IF Weebly will need to implement ssl for every one, but only WHEN Weebly will implement that feature. And as one of the leader of website builders, it should be your own requirement to be one of the first Smiley Happy

 

Greetings from Switzerland

I setup custom domain example.com

http://example.com redirects to http://www.example.com

I turn SSL on

I expect

https://example.com redirects to https://www.example.com

I observe that SSL cert for example.com is invalid!

 

 

This is totally inacceptable. Certificates with regular price of 69$ (which you compare yourself with) include both example.com and www.example.com so this is a bug.

 

 

In my real live scenario I had a website under example.com with HSTS (forward secrecy) on. Now when I (oe my previous visitors) type in example.com in browser, the browser instantly goes to https://example.com and returns broken certificate error.

 

(Also I observe that with SSL you redirect http://example.com -> http://www.example.com -> https://www.example.com; I suspect that from HSTS prospective the only valid redirect is http://example.com -> httpS://example.com -> https://www.example.com)

 

 

Overall, please issue domain cert and check the redirect order. The current implementation is a bug who affects real customers with past HSTS settings

 

Weebly should offer better SSL certificates so that your company name is in the browser address bar like this (extra security). Maybe part of the business plan?

 

220px-Extended-validation-stripe

 

It makes your website extra secure, plus, it looks cool!

Anyone who has gone through the trouble of setting up a secure website knows what a hassle getting and maintaining a certificate can be. Let’s Encrypt automates away the pain and lets site operators turn on and manage HTTPS with simple commands. Using Let’s Encrypt is free, so there is no need to arrange payment.

 

If you’d like to know more about how Let’s Encrypt works behind the scenes, check out our how it works page.

@muzaffar: Thanks you.  Can you tell us what kind of weebly hosting plan one would need to use the site? Starter, Pro or Business?

 

 

Dear @bobafett, Any one the plan can should use it, whether It's Starter, Pro or Business?, because I think security belongs to everyone of us.

hi , this feature is just a suggestion and i dont mean the weebly certificates to be free like a paid ssl , i mean a free ssl integration system to be used from lets encrypt or cloudflare or else .......    

 

thank you and i hope to add this feature

Announcements
Here are some important announcements.
Top Kudoed Authors