Webflow SSL Hosting

Hi @PixelGeek we started having issues in Firefox (attached screenshot) all other browsers seem to work fine.

Hi @jalagrange - looks like everything is working now:

Might be a weird glitch with the cert authority.

(I am in a beta)
My naked domain is not encrypted.

I am bummed because this is how i usually send the links around (without www).

My “www” domain works fine.
check status returns;

check status on naked domain, return this;


(i did change from proxy.webflow.com to proxy-ssl.webflow.com)

Am I missing something, or is not supported jet?

Best,
Luka

Just a heads up as far as credit card processing… SSL 2 + SSL 3 is no longer a PCI compliant secure way of processing payments online or over the internet. It is being ousted as of June 30th 2016 I believe.

TLS Transport Layer Security is now the standard for PCI security council guidelines… It is possible to utilize a 3 step redirect through a payment gateway though to stay outside the scope of PCI and capture the data using TLS outside your internal website and server.

This first link shows a diagram and has an explanation how the 3 step redirect will avoid touching the internal server to process a payment and keep the sensitive cardholder data secure through the payment process. I Also attached a link to the PCI Security Standards blog explaining the migration. This is a council put in place by the payment industry that oversees cardholder security. Here is also a link from Cloudflare showing the standards. I would say just make sure if you are using Cloudflare to ask them what the free certificates security level offers and if you are creating a site to accept payments you should utilize either a 3 step redirect through a payment gateway and or make sure you have the proper TLS Certificate integration with your website.

https://support.cloudflare.com/hc/en-us/articles/205043158-PCI-3-1-and-TLS-1-2

1 Like

+1 for SSL hosting on custom domains!

  • 1 for SSL hosting.

This will dramatically help on our SEO work with the new phantom upgrade that just arrived.
It is crucial to be able to add the SSL before we start getting to many links so we don’t need to convert.

Any updates and when it will be implemented on custom domains?

T

3 Likes

Well, I am testing SSL, and needless to say it works just fine and flawlessly,

Now on to the seriousness of the robery that is going on…

WEBFLOW is using “Letsencrypt” to provide SSL services to all of us…

Letsencrypt is a free automated service, this means that webflow does not need to do any upkeep or maintenance for you to keep your certs active.

Letsencrypt is free to webflow and in turn also free for you to use on any website in the world…

Webflow wants to charge you $5 USD a MONTH!!! to use this free service,

Furthermore, (Letsencrypt) created this service to provide it as a free service to people and web developers. There only intention is to provide FREE ssl to the world.

If Webflow had any integrity they would allow this service to be 100% free to all users… ESPECIALLY any users who pay for a PRO account.

When I checked the cert on my website and saw that it was from LETSENCRYPT I almost lost my marbles…

Not to mention, I can buy a paid cert for $3 a year with the same 256bit encryption.

This is absolutely internet robbery and webflow should be ashamed of what they are doing here.

Its really sad, I really wanted to use webflow because its nice and easy to use, but it looks like I will be exporting all of my customers websites and hosting them on cloudways with its free offering of “letsencrypt” and just as fast servers and using drupal and wordpress for CMS websites.

To end this, Letsencrypt was made to be a free service… are they even aware that you are charging for it? They might seriously lock you guys out if they knew what you where doing here.

Make it free and right this wrong.

Maybe you can make it up to us.

Regards,
Kyle

1 Like

@litonfiredesign I believe from the 19th of this month webflow SSL will become free.

"Updates to Webflow hosting

We’re excited to announce three new hosting tiers that have several new features:
SSL Hosting will be available as an option for all hosted sites - for free! Many browsers will soon require SSL-enabled sites, and Webflow has you covered just in time! "

1 Like

Well that would be a sigh of relief…

Not sure why the beta testers would be charged for helping out…?

yeah I agree… I saw that they wanted to charge beta testers $5/month… I didn’t bother and would have left if they charged me $5/month to get letsencrypt certificates…

Hi Kyle,

Thanks for voicing your opinion, I wanted to address a few of the points you raised. First of all, the letsencrypt service is the only scalable way we can provide SSL hosting at the price point you mentioned for our managed hosting service. It’s an amazing effort by LetsEncrypt to provide a certificate provisioning service for everyone, at no cost - a true step forward for everyone on the internet. However, I do want to point out that provisioning the certificate, and deploying/maintaining your certificate at scale are separate concerns. Of course, you can provision your own SSL certificate yourself for free and host your website on your own servers, but I think it would benefit the community if we detailed exactly what you are paying for with Webflow’s SSL product (which will be free after 12/19):

First, you still get the benefits of all of Webflow hosting, including our CDN when you use our SSL solution. For site content to be served quickly and to lower your TTFB (which Google is using as a signal for SEO rankings), we build and maintain a fleet of SSL terminators where you certificate is deployed. This drastically lowers the TTFB, and how long the SSL handshake process takes between the server and the client. To replicate this on your own, you would have to build, deploy, and maintain over 20+ SSL terminator servers on Tier 1 hosting (in our case AWS), and install your own letsencrypt certificate there to achieve the same performance characteristics as Webflow’s hosting.

Second, if you were to create your own LetsEcrypt certificate, that would mean you can only create a cert that lasts 90 days. This is a real pain, as for every domain you host, you will now how to update the certificate every 90 days. And if you forget, you, your clients, and your client’s clients will see a nasty SSL expiry error whenever you visit the site. With Webflow’s SSL solution, we will automatically renew your certificate, so your site’s visitors will never see any errors.

Third, we make sure we have the most up to date servers and security patches deployed on our SSL terminator fleet, so you do not have to worry about making the myriad number of configurations and optimizations to ensure your site’s traffic is secure as possible.

Fourth, as we provision more and more SSL certificates for sites, we need more computational and memory capacity on our servers so we can scale our hosting infrastructure stack. This is another reason why it was a paid feature in the beta period.

All of this required months of engineering effort to design, build and launch. We are still making a lot of improvements behind the scenes, like increasing the number of SSL servers to ensure your sites load as quickly as possible for users all over the world. If you participated in the SSL beta, thank you for your valuable feedback. We’ll be launching a lot of improvements to SSL hosting on 12/19, when we launch our new pricing plans.

As some of you have pointed out already, we will not be charging additionally for SSL on the 19th, and you will be getting it for free as part of our new hosting plans. :relaxed:

If you have any other questions, please reach out! I’m happy to delve into the technical specifics of your SSL site if you are curious. Our goal here at Webflow is to make it as easy as possible for you to have the fastest, most scalable hosting on the internet - thank you for sharing our vision! :rocket:

8 Likes

Such a great explanation! Thanks so much for the detailed and thoughtful reply. :anger_right: :ok_hand: :sparkles:

1 Like

This topic was automatically closed after 7 days. New replies are no longer allowed.