Secure Sockets Layer (SSL) or Hypertext Transfer Protocol Secure (HTTPS) provides a secure connection to your website, ensuring data integrity during transfer and building visitor trust. All websites can obtain an SSL certificate using Let's Encrypt, an open-source Certificate Authority offering free certificates. To generate an SSL certificate, your website must have a successfully pointed domain.
Note
-
There is not a way to provide an SSL certificate for content that is hosted on a different server.
-
TLS 1.2 and higher is supported.
-
Third-party SSLs are not supported.
Warning
Ensure that the Duda DNS records are detectable before attempting to generate an SSL certificate. If you exceed 5 attempts, you’ll reach the Let’s Encrypt (our SSL provider) limit and will need to wait a week before trying again. For details on how to check the DNS records, see the section in this article, How to verify DNS records.
Implementing HTTPS for your website is crucial for security, credibility, and legal compliance. HTTPS encrypts data transmitted between users' browsers and your site, ensuring confidentiality and integrity of sensitive information like login credentials and payment details. It builds trust with visitors, as they look for the padlock icon indicating a secure connection. HTTPS can also improve SEO rankings and comply with evolving browser standards that label HTTP sites as "Not Secure." Given these benefits and the growing expectation of secure browsing, HTTPS is essential for security, credibility, and legal compliance, making it a standard practice for all websites.
Once your site is published and configured with a custom domain (the Duda records need to have fully propagated, which can take anywhere from 5 minutes to 48 hours), the SSL should start generating automatically.
Unexpected issues may prevent it from automatically starting. In these situations, the SSL can usually be manually generated, although the Duda records will still need to have propagated.
To confirm it has started or to manually generate it, in the side panel, click SEO & Settings, and then click the Site SSL tab:
-
If it has started generating or has already generated, it will have a green check mark and either indicate In progress or Complete.
Note
If the SSL certificate indicates approved in the editor, the certificate may not be visible in the browser for up to 2 to 3 hours.
-
If it hasn't started generating, click Generate certificate. The process, handled by Let's Encrypt, may take up to an hour. An approval email will be sent to the account owner once it's complete.
-
If Generate certificate is showing not available, this indicates the editor is not able to detect the Duda DNS records. For troubleshooting, see FAQs and Troubleshooting.
-
-
Ensure the Force visitors to use secure connection (HTTPS) setting is toggle on (it should be by default). Any visitor will be redirected to the secure connection once this is enabled.
Note
-
SSL certificates require domain names within a 64-character limit (including WWW).
-
Avoid adding AAAA and CAA records, which can prevent SSL certificate issuance. Please ensure you do not have these records configured.
-
An SSL certificate is never deleted unless a person clicks Remove certificate.
To recreate your SSL Certificate you need to remove the old one and generate a new SSL Certificate.
There can be multiple reasons you might need to recreate your SSL certificate. For example, if you previously set up your domain using a method involving a CNAME and 301 Redirect and have changed your DNS settings to reflect a CNAME and two A Records, you will need to recreate your SSL certificate. Or, when you initially generated your SSL certificate, it might have been generated only for www.domain.com and not domain.com. This would make the site secure only on https://www.domain.com and not on https://domain.com. In this case, you'll also need to recreate your SSL certificate.
Warning
DNS records that contain AAAA record (IPV6) or CAA will not work. The AAAA or CAA records need to be removed in order to add the SSL certificate.
To remove and recreate an SSL:
Due to HTML standards, HTTP or non-secured content cannot be displayed in HTTPS or secure sites. This means that any custom code which relies on loading content from an HTTP server will not work in an SSL Site. If you need to use code which normally loads from an HTTP server, we recommend either:
-
Requesting HTTPS-friendly code from your code provider.
-
Disabling HTTPS for your Responsive Site.
As our editor displays by default on an HTTPS connection, one good way to test whether or not code will work in the final site is to see if it works in the editor. If it does not, it is equally unlikely to work in a live HTTPS site.
-
You will need to recreate your SSL certificate if you switch your DNS settings from CNAME and 301 Redirect to CNAME and two A Record methods.
-
Certificates are valid for three months and automatically renew two weeks before expiration to ensure ongoing security.
-
A small lock icon will appear in your Dashboard once your site is set up with a certificate, indicating a secure connection.
-
Duda employs HSTS Policy (HTTP Strict Transport Security) to protect against protocol downgrade attacks and cookie hijacking.
-
The site's secure connection uses the DV (Domain Validated) certificate.
-
Our SSL implementation does not support Internet Explorer on Windows XP but is compatible with Chrome and Firefox.
-
Not compatible with Android 2.3 and earlier devices.
-
We've added logic to the platform that makes sure we don't redirect traffic to HTTPS for these devices. If a user on an incompatible browser attempts to load the HTTPS version of the site, a security error/warning will appear. However, if the user visits the HTTP version of the site, the site will simply not load the HTTPS version.
-
-
Currently, our SSL solution does not support internationalized domain names (names with non-Latin characters, i.e www.bücher.de)
There could be many reasons for this, the most common being:
-
There's a CAA or AAAA record in the DNS (these interfere with SSLs and would need to be removed). See the section in this article, How to verify DNS records for how to check for these records
-
The changes made in the domain's DNS settings to add the Duda records (one CNAME and two A records) hasn't fully propagated (changes to your domain typically take less than a few hours to fully propagate. However, it may take up to 48 hours). See the section in this article, How to verify DNS records for how to verify the records
-
The domain is using Cloudflare's DNS and proxy is on. The proxy will need to be turned off to generate the Duda provided SSL.
-
The Force visitors to use secure connection (HTTPS) setting was accidentally toggled off. To verify the Force visitors to use secure connection (HTTPS) toggle is on, in the side panel, click SEO & Settings, and then click the Site SSL tab.
-
The default domain option (not the Custom Domain) option was used (for example,
sitename.multiscreensite.com).-
SSLs aren't provided for Default or White Label Site Domains, unless they are on custom. To automate this process on a large scale, head to our Contact Our Sales Team page.
-
There are a few reasons this could happen:
-
Instability in the DNS records during SSL generation.
-
Solution: remove certificate and recreate it. See the section in this article, Recreate an SSL Certificate.
-
-
The 'WWW' wasn't included in the domain when it was assigned to the site.
-
Solution: verify 'WWW' is included with the domain, if it isn't, change the URL to include it.
-
To update the domain:
-
The SSL may need to be recreated after adding the 'WWW'. See the section in this article, Recreate an SSL Certificate.
-
If the Generate certificate button is disabled, this indicates Duda's DNS records are not able to be detected. See the section, How to verify DNS records, in this article.
While there isn't an option to print or save the SSL, a screenshot can be taken of it with its information.
How to access the certificate may be different for different browsers. Here are the steps for Chrome:
To check the DNS records go to www.whatsmydns.net and in the dropdown, select CNAME, A, CAA, or AAAA.
-
For CNAME, complete the field using your whole URL (for example, www.domain.com). Ensure the search returns s.multiscreensite.com. If you see red Xs, or do not see the correct record, this means that the record was not set up correctly or the domain host is not propagating.
-
For the A record, complete the field using the naked domain (for example, domain.com). Ensure the search returns only 100.24.208.97 and 35.172.94.1. If you see red Xs, do not see the correct records, or see additional records, this means that the records were not set up correctly or the domain host is not propagating.
-
For CAA and AAAA records, complete the field using the naked domain (for example, domain.com). Ensure both of these return x's and not records. If records appear, these are the records that will need to be removed.
If you have verified that all DNS settings are correct, but they still appear incorrect when using a tool like www.whatsmydns.net, please contact your DNS provider.
Note
For information on the Duda records and adding them, see the Manual Connection option.
If the DNS records are not detected, you can still publish your site but you will need to manually generate the SSL certificate later. To learn how, follow the manual steps in Generate SSL Certificate.
We strongly recommend you check that DNS records are detectable before attempting to generate an SSL certificate. If you exceed 5 attempts, you’ll reach the Let’s Encrypt (our SSL provider) limit and will need to wait a week before trying again. For details on how to check the DNS records, see the section in this article, How to verify DNS records