What is SSL?
SSL, or “secure sockets layer,” is security encryption technology used on lots of websites to prevent bad people on the internet from stealing or intercepting info submitted via online forms.
In general, sites covered with SSL protection start with the prefix
https:// instead of simply
http://. You might also notice a lock icon in the address bar of your browser on SSL-protected sites. 🔒
Does my shop have SSL?
Yes! Big Cartel addresses and custom domains connected to Big Cartel shops are fully SSL encrypted from top to bottom.
http:// instead of
Once you secure your assets, you can contact our support team to get opted in for site-wide SSL, and you’ll be set.
What do the lock icons mean?
On the Account page of your admin, you’ll notice a color-coded lock icon next to your custom domain if you’re using one with your shop.
- 💚Green - your domain is fully SSL encrypted!
- 💛Yellow - your domain is opted in for SSL. Sit tight while we generate your secure certificate, and it’ll be ready soon.
- 🔴Red - your domain is not SSL encrypted. This is due to a problem with your custom domain setup, unsecured assets detected in your shop, or the SSL certificate failed to generate.
If you’re seeing a red lock icon and need a hand with troubleshooting, contact us and we can point you in the right direction.
What about SSL certificates from my custom domain provider?
We don’t support file uploads to our servers, so there isn’t a way to install a third-party or custom domain SSL certificate in a Big Cartel shop. However, all stores with custom domains automatically get a free SSL certificate generated by us via Let’s Encrypt, so you won’t need to do anything extra (or spend any extra cash) to get site-wide SSL.
Your checkout and all the pages located at
https://example.bigcartel.com URLs will also always be covered automatically by SSL protection as described above, and no sensitive data is ever transferred without that layer of security.
Help, I don’t see SSL encryption in my store!
If you visit your store and don’t see the lock icon in your browser’s address bar, or see a “not secure” or “mixed content warning” about unsecure content on a page, that means unsecured assets were detected in your theme.
In other words, those custom images or theme files are located at
http:// prefixes and not the secure
To fix that, here are some things to look out for and what to do:
- Enter your store URL at Why No Padlock? and click Test page or at Missing Padlock and click Crawl My Site. You’ll be shown a list of files that need to be served over https:// to be secure.
- Do you have any externally uploaded images added to product descriptions or in custom pages that aren’t hosted at secure links? You’ll need to upload your files to a secure host like Postimage or Dropbox and update the image links in your theme to reflect the new `https:// addresses. There’s more on adding images here.
https://locations and updating your theme code.
- We will automatically generate your SSL for you once you update your assets to secure
https://locations and publish your updates. After you’ve saved your changes, check the Account page of your admin and you’ll see a yellow or green lock next to your store address, showing that your SSL certificate has been created.
- Still stuck? Feel free to reach out to our support team and we can lend a hand.