1. Home
  2. Forums Index
  3. WebmasterWorld / Ecommerce 12:06 pm May 5, 2026

Forum Moderators: buckworks

Message Too Old, No Replies

Shopify offers free SSL on all sites

         

ergophobe

6:12 pm on Feb 5, 2016 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



There's been a lot of press lately about Let's Encrypt, the initiative to create free SSL/TLS certificates. Of course, you've always been able to create self-signed certs, but without a Certificate Authority, those are only useful for "internal" uses, not for public-facing sites. Let's Encrypt is covered in this thread. [webmasterworld.com...]

If you look into Let's Encrypt, you'll see that it's really still for people with full server access who can install all the necessary stuff, which doesn't describe anyone on shared hosting or using a hosted solution.

Shopify doesn't say how they're offering free certs for your domain with every account. They might just have a special deal with a CA, but this highlights how https is becoming more and more the norm. This is what they sent in their partner email
We’ve issued and set up SSL certificates for all pages, content, and data on every Shopify store, in addition to Shopify checkouts. This will come at no additional cost to your clients, and is easily activated by clicking “Activate SSL certificates” in their Shopify account.... Read the docs [docs.shopify.com...]


I would expect Big Commerce, Squarespace and other big players in the hosted e-commerce space to feel pressured to follow suit soon (unless they already have and I missed it).

bakedjake

6:20 pm on Feb 5, 2016 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



Great news. Everything you do as a webmaster should be SSL/TLS secured, no exceptions. And your migration path should be clear at this point because non-SSL sites will be marked as insecure by all browsers likely by the end of the year.

Just for reference, Let's Encrypt now has a signed root, so it can be used on public facing websites.

[letsencrypt.org...] - main site
[gethttpsforfree.com...] - uses letsencrypt, for users that don't want to use the LE client but can generate CSRs on their own

Shopify doesn't say how they're offering free certs for your domain with every account.


They're probably using Let's Encrypt. The whole point behind the three month validity is to encourage people to use the automated methods that LE offers to automate the renewal every three months for additional safety. It makes a lot of sense for providers like Shopify to do this for their customers automatically.

--

But if you care about your business you've already got an EV certificate, right?

ergophobe

10:11 pm on Feb 5, 2016 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



>>[gethttpsforfree.com...]

Didn't know about that.

>> if you care about your business

I bet half the people using Shopify barely know what a certificate is, let alone the different types. I think this is aimed at them. Because the people who know and care about it already have a cert on their Shopify site

ergophobe

6:50 pm on Feb 6, 2016 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



By the way, I thought I would note that this does not change anything for checkout.

All normal Shopify sites still check out on the Shopify domain (they do have a Shopify Plus enterprise program that may be different). So this is about providing https on the content portion of the site.
 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

  1. Home
  2. Forums Index
  3. WebmasterWorld / Ecommerce 12:06 pm May 5, 2026