SSL security

What is SSL?

SSL, or “secure sockets layer,” is security encryption technology used on lots of websites to prevent bad people on the internet from stealing or intercepting info submitted via online forms.

In general, sites covered with SSL protection start with the prefix https:// instead of simply http://. You might also notice a lock icon in the address bar of your browser on SSL-protected sites. 🔒

Does my shop have SSL?

Yes! Big Cartel addresses and custom domains connected to Big Cartel shops are fully SSL encrypted from top to bottom.

There is one possible exception, however: if your shop has any unsecured assets, we don't force SSL (except for checkout which is always covered by SSL). Unsecured assets include custom images, Javascript, or CSS you might have added to your theme served over http:// instead of https://.

Once you secure your assets, you can contact our support team to get opted in for site-wide SSL, and you'll be set.

What do the lock icons mean?

On the Account page of your admin, you'll notice a color-coded lock icon next to your custom domain if you're using one with your shop.

• 💚Green - your domain is fully SSL encrypted!

• 💛Yellow - your domain is opted in for SSL. Sit tight while we generate your secure certificate, and it'll be ready soon.

• 🔴Red - your domain is not SSL encrypted. This is due to a problem with your custom domain setup, unsecured assets detected in your shop, or the SSL certificate failed to generate.

If you're seeing a red lock icon and need a hand with troubleshooting, contact us and we can point you in the right direction.

What about SSL certificates from my custom domain provider?

We don't support file uploads to our servers, so there isn't a way to install a third-party or custom domain SSL certificate in a Big Cartel shop. However, all stores with custom domains automatically get a free SSL certificate generated by us via Let's Encrypt, so you won't need to do anything extra (or spend any extra cash) to get site-wide SSL.

Your checkout and all the pages located at https://example.bigcartel.com URLs will also always be covered automatically by SSL protection as described above, and no sensitive data is ever transferred without that layer of security.

Help, I don't see SSL encryption in my store!

If you visit your store and don't see the lock icon in your browser's address bar, or see a "not secure" or "mixed content warning" about unsecure content on a page, that means unsecured assets were detected in your theme.

In other words, those custom images or theme files are located at http:// prefixes and not the secure https:// prefix.

To fix that, here are some things to look out for and what to do:

• Enter your store URL at Why No Padlock? and click Test page or at Missing Padlock and click Crawl My Site. You'll be shown a list of files that need to be served over https:// to be secure.

• Do you have any externally uploaded images added to product descriptions or in custom pages that aren't hosted at secure links? You'll need to upload your files to a secure host like Postimage or Dropbox and update the image links in your theme to reflect the new `https:// addresses. There's more on adding images here.

• Are you using a custom theme that uses externally hosted, "unsecure" Javascript or CSS files? Make sure to upload those files to a secure host like Dropbox, or get in touch with your theme provider for help with uploading them to new https:// locations and updating your theme code.

• We will automatically generate your SSL for you once you update your assets to secure https:// locations and publish your updates. After you've saved your changes, check the Account page of your admin and you'll see a yellow or green lock next to your store address, showing that your SSL certificate has been created.

• Still stuck? Feel free to reach out to our support team and we can lend a hand.