SSL (Secure Sockets Layer) is the industry-standard security protocol for establishing a secure connection between a web browser and a web server/platform. This connection ensures that any data transferred between web servers and browsers remains private and safe. Typically, SSL is used to secure credit card transactions, data transfers and logins.
To be able to create an SSL connection a web server requires an SSL certificate. Setting up an SSL certificate for your store lets you:
- secure your online store with HTTPS (instead of HTTP)
- inform your customers that your website can be trusted (the SSL padlock icon is displayed next to your store's URL)
In addition, Google recently announced that it will increase the ranking of websites that provide secure connections.
You can request and activate an SSL certificate for your store in the Back Office. This article explains this process and includes these topics:
- SSL in Lightspeed eCom
- Requesting your SSL certificate
- Activating your SSL certificate
- Renewing your SSL certificate
- Deleting or canceling an SSL certificate
- Troubleshooting and additional steps
Lightspeed eCom offers two types of SSL certificates:
- Domain Validated (FREE) - With Domain validated certificates only the domain name is validated. It checks if you and/or Lightspeed have control over the domain. With this free SSL certificate your website is secure and meets all requirements set by Google.
- Extended Validation (REQUIRES PAID SUBSCRIPTION) - Extended Validation checks the origin of the domain owner. A validation of the company is performed to make sure the company is legitimate and is the rightful owner of the domain. This type of validation enables the green bar (in addition to the SSL padlock) next to your store's URL, further increasing the trustworthiness of your store. The cost of the Extended Validation certificate is added to your monthly invoice.
Before you proceed
Before requesting an SSL certificate, make sure your online store meets these requirements:
- Your online store must be on an active domain.
- Your online store must not have any non-secure connections. Check whether there are any non-secure connections on your website by using the Template Editor. (If your website has a non-secure connection, web browsers will disable SSL encryption when connecting to your store.)
To request an SSL certificate
- On the left panel of the Back Office navigate to SYSTEM > Settings > WEBSITE SETTINGS > SSL Certificates.
- Specify the type of SSL certificate you want to activate: Domain Validated or Extended Validation.
- Click Buy Certificate for Extended Validation, or click Activate for Domain Validated.
- On the page that displays, enter the relevant information. All fields on this page are required.
NOTE: The information you enter on this page needs to match the information on file with your web site hosting company; otherwise, your request for an SSL certificate may not be approved.DOMAIN NAME
Specify your domain name.
- Chamber of Commerce number (Extended Validation only) - Enter your CoC number.
- Company name (Extended Validation only) - Enter the name of your company, as known to the CoC or tax authorities.
- First name -Enter your first name here.
- Last name - Enter your last name here.
- Phone number - Enter your business telephone number. This will be used for phone verification for the Extended Validation certificate.
- Email - Enter your company email address here.
- Country - Specify the country where your office is located.
- Address 1 (& 2) - Enter the street name and civic number of your office.
- Zipcode - Enter the zipcode or postal code of your office.
- City - Enter the city where your office is located.
- Region - Enter the state or province where your office is located.
CONFIRMATION (EXTENDED CERTIFICATE)
Type your Lightspeed eCom password to confirm the request. This is the same password you use to log in to the Back Office.
- Click Request Certificate. You're redirected to a page that explains the next steps in the process.
Please note that it can take up to 24 hours for your request to be processed and approved.
- Check the status of your request by navigating to SYSTEM > Settings > WEBSITE SETTINGS > SSL Certificates. If the status changes from Pending to Ready, your request has been approved and your certificate is ready for activation and use.
Once your request for an SSL certificate is approved, you can activate your certificate. However, before activating, verify that all redirects have been set correctly.
- If you're connected through DNS, you'll need to change the IP address to 188.8.131.52. For more information, see Configuring your domain registrar.
NOTE: If you’re connected through a name server, no changes are needed.
- On the left panel of the Back Office, navigate to SYSTEM > Settings > WEBSITE SETTINGS > SSL Certificates.
- Click Activate. You're redirected to a page where you can test your SSL certificate to verify the DNS changes you made in step 1.
NOTE: We strongly recommend that you test your SSL certificate before activating it.
- Click Test your store. If there are no errors, click Activate. Your SSL certificate is now active.
Your SSL certificate automatically renews each year. Your new certificate will be available approximately one month before the old certificate expires; you can view the renewed certificate by navigating to SYSTEM > Settings > WEBSITE SETTINGS > SSL certificates.
NOTE: You must manually activate your renewed certificate. Make sure you activate the new SSL certificate before deactivating the old certificate.
NOTE: If you deactivate a certificate without activating a new one, your online store will revert back to http:// (from https://). Consequently, your web site will lose its search engine index ranking. We strongly recommend that you always have an active SSL certificate for your store.
- Go to SYSTEM > Settings > WEBSITE SETTINGS > SSL Certificates.
- Select the SSL certificate by clicking it, then click delete. If the SSL certificate has not yet been approved, click Cancel when prompted.
CAUTION: This action cannot be undone.
The following are some considerations to keep in mind in the event of any issues:
- It can take up to 24 hours for DNS changes to take effect.
- If you think you have a non-working SSL certificate, or if your DNS changes have not yet taken effect (after 24 hours), DO NOT revert back to your old DNS.
- Once you associate the new DNS information to the domain name with your hosting provider, perform these additional steps, if applicable:
You’ll need to force Google Search Console to verify your website through an https:// connection.
- Log on to Google Search Console.
- Click ADD A PROPERTY.
- Enter your website's domain name with the https:// prefix; for example, https://www.domain.com
The new property uses the same verification code and will, therefore, be verified immediately.
If you haven't yet set up Google Search Console for your website, see Configuring Google Search Console (Webmasters). Otherwise, continue to step 4, below.
- From the sidebar on the left, click Crawling, then click Sitemaps.
- Click ADD/TEST SITEMAP on the right.
- Enter sitemap.xml in the text area that's provided.
- Click Submit Sitemap.
- Delete the previous sitemap from the old property (http://) if it exists.
You'll need to also update Google Adwords Sitelinks. On Google Adwords, navigate to Ad extensions > Extensions for sitelinks.
You might also need to update XML feed URLs.
If you use a Payment Service Provider that supports notification URLs to communicate with an online store, check whether or not the URLs use https://.
If you're unsure, contact your Payment Service Provider's support department.
If applicable, do the same for other links and pictures you've added to product descriptions, categories, text pages, etc.
If you've activated the Theme Editor, it's possible the theme you're currently running uses http:// links. Verify the head.rain, fixed.rain and product.rain files and change all occurrences of http:// to https://. You can do this rather quickly by searching through the files for http:, using either the CMD-F or CTRL-F keys.
TIP: scan your website with www.whynopadlock.com.
If your website has redirects, update them all to https://.
You can do this by exporting the redirects to a file from the Back Office:
- On the left panel of the Back Office navigate to SYSTEM > Tools > Export > New export > Redirects.
- Open the exported file with either Microsoft Excel, OpenOffice Calc or Google Sheets.
- Replace all occurrences of http:// with https://. (Use CMD-F or CTRL-F and perform a search and replace.)
- Once you've updated the file, import it back into your website: SYSTEM > Tools > Import > Select file > Open > Select a category > Redirects > Continue.