Every Guesty website can have an SSL certificate to ensure a secure connection. Guesty uses Let's Encrypt, an open-source certificate authority, to provide these certificates for free.
When a website has an SSL certificate, it uses the HTTPS protocol to securely send data back and forth, preventing data from being modified or corrupted during transfer. This helps visitors trust that the website displays the intended content.
Additionally, a secure HTTPS connection serves as a minor ranking indicator to benefit the website's SEO.
To generate a certificate, the domain must point to the Guesty website successfully. Learn how to set up and publish your domain.
Note:
Guesty supports TLS 1.2 and higher.
Limitations
- Guesty doesn't provide SSL certificates for content hosted on different servers.
- Domains (including WWW) mustn't exceed 64 characters to generate an SSL certificate.
- The presence of AAAA or CAA records prevents Guesty from issuing an SSL certificate. Ensure these records aren't configured in your DNS settings.
Generate an SSL certificate
Follow the steps below to set up SSL once the website is published and configured with a custom domain.
- In the left panel, click Settings, and then click the Site SSL tab.
-
Click Generate certificate to create an SSL certificate. The process, which includes provisioning the request to Let’s Encrypt and configuring the newly generated SSL certificate, is fully automated and may take up to an hour. During the provisioning process, an “In progress” status indicates that the request is being handled. Once completed, the provisioning status is changed to “Complete”, and an approval email is sent to the account owner.
Note:
It may take up to three hours after approval in the editor to view an SSL certificate.
- To ensure your site is always accessed through SSL, toggle on Force visitors to use secure connection (HTTPS). Any visitor will be redirected to the secure connection once this is enabled.
- Click Republish.
Guesty never deletes an SSL certificate unless you click Remove certificate.
Recreate SSL certificates
If the domain was previously set up using a CNAME and 301 Redirect, and the DNS settings now use a CNAME and two A Records, the SSL certificate must be recreated.
Follow the steps below to recreate the SSL certificate:
Step by step:
- In the left-side menu, click Settings, and then click the Site SSL tab.
- Click Recreate Certificate.
- Wait for the platform to recreate the certificate.
Review secure connection details
- Recreate the SSL certificate if the DNS settings switched from the CNAME and 301 Redirect method to the CNAME and two A Record method.
- Website certificates remain valid for three months. Guesty automatically renews the certificate two weeks before it expires to keep the site secure.
- A small lock icon appears in the integration page to indicate the website is secure.
- Guesty Websites uses HSTS Policy (HTTP Strict Transport Security) to protect against protocol downgrade attacks and cookie hijacking.
- The secure connection uses a DV (Domain Validated) certificate.
- The SSL implementation isn't compatible with Internet Explorer on Windows XP but works on Chrome or Firefox.
- The implementation isn't compatible with Android 2.3 and earlier.
- Guesty doesn't redirect traffic to HTTPS for incompatible devices. If a user on an incompatible browser attempts to load the HTTPS version, a security warning appears. The site loads the HTTP version instead if the user visits it directly.
- The SSL solution doesn't support internationalized domain names containing non-Latin characters, such as "www.bücher.de".
Use custom or third-party code in SSL sites
HTML standards prevent non-secured (HTTP) content from appearing on secure (HTTPS) sites. Custom code relying on content from an HTTP server doesn't work on an SSL site. To use code that normally loads from an HTTP server, Guesty recommends one of the following:
- Requesting HTTPS-friendly code from your code provider
- Disabling HTTPS for your Responsive Site
The Guesty editor displays on an HTTPS connection by default. Test if code works in the editor to determine if it will function on the live HTTPS site. If the code fails in the editor, it will likely fail on the live site.