SSL ensures that any data on your site is encrypted, and your students won’t have to worry about the security of their information. This article goes over some basic information on SSL and how it works to secure your Teachable school.
A Secure Sockets Layer (or SSL) is a standard security protocol that encrypts any data shared between a web browser and web server. A secure connection ensures that any data taken from a site is confidential.
In order to create an SSL connection, an SSL certificate is needed. This allows the web browser to establish a secure connection to the web server. For the majority of schools, Teachable will create an SSL certificate on your behalf.
Once the process is completed, a secure connection is indicated by the website's URL being prefixed with "https" instead of "http", and by a visual indicator on the web browser's address bar (usually a padlock). The screenshot below is an example of how Google Chrome indicates a secure connection:
In the past, Teachable has always included free SSL on the pages where critical information is being transmitted. These pages included the Checkout page, Signup page, and Login page.
- Checkout page
- Signup page
- Login page
However, we understand that the security of users is important on every page, not just the ones with confidential information. By offering free SSL on all pages within a school (for both Teachable and custom domains), we’re giving you the following benefits:
- Security - If you have a site that is not HTTPS-enabled, students may be greeted with a warning from their browser that the site they are trying to access is insecure. Once SSL is enabled and you secure your site, your students can rest assured that they are free to participate in your course's without the fear of having their information stolen.
- SEO - Google has announced that they will take site security into account when ranking websites on a search engine. When your school has SSL enabled on every page, it will rank higher on search engine results and be seen by more people.
CAUTION: Teachable utilizes a wildcard SSL certificate, which is only valid for a single level of subdomains (e.g. schoolname.teachable.com). If you are using a multi-level domain (e.g. www.schoolname.teachable.com), then your school will display a 404 error message.
Mixed Content (HTTP vs. HTTPS) and Potential Issues
In some cases, you may notice browser warnings when visiting your site, or some of your content may not display properly. The usual reason for this is “mixed content”—in other words, your site is trying to load both HTTPS and HTTP content. For instance, you may have embedded an image or video from a non-SSL-enabled webpage.
To better understand mixed content, see this blurb from Google's support documentation on mixed content:
Mixed content occurs when initial HTML is loaded over a secure HTTPS connection, but other resources (such as images, videos, stylesheets, scripts) are loaded over an insecure HTTP connection. This is called mixed content because both HTTP and HTTPS content are being loaded to display the same page, and the initial request was secure over HTTPS. Modern browsers display warnings about this type of content to indicate to the user that this page contains insecure resources.
If you've used HTML code to embed content within your school, it's possible that some of your pages have mixed content. If your site is secure (HTTPS), but your content is insecure (HTTP), there will be a conflict between the two.
NOTE: Some areas where mixed content could occur include the Power Editor, Code Snippets, and custom HTML blocks. To see where mixed content may exist within your school, use this tool created by JitBit to go through your HTTPS site and search for any insecure content. However, please note that this tool may not catch all instances of mixed content in your school.
For example, if you've embedded an image into your secure (HTTPS) sales page by adding the following HTML code:
Your web browser will warn you that the page is not secure. This is because the image is taken from an insecure URL (as indicated by the HTTP). Your web browser cannot declare the page secure, because the browser is trying to load insecure data (the image) over a secure connection (the HTTPS-enabled sales page).
To fix this, ensure that all content on a secure page is using an HTTPS URL. If you have content that it is using an HTTP URL, you'll have to get a new HTTPS URL for the content and use that instead. Another option is to directly upload the content through Teachable, as this will ensure the content is secure (if you have SSL enabled).
Learn more about handling mixed content on your website:
Using Your Existing SSL Certificate
If you've already created an SSL certificate for your school through a third party, you'll still be able to use it on your Teachable school. To continue using your third-party certificate, you'll have to disable the Teachable-created SSL certificate.
NOTE: If you have created an SSL certificate using Cloudflare, and would like to continue using it, there are a few extra steps to take—more information below.
If you want to switch from a third-party to Teachable's native SSL functionality, be sure to disable the third party's SSL certificate before enabling Teachable's SSL certificate. If the old SSL certificate is running at the same time as the Teachable-created SSL certificate, there may be conflicts between the two that could result in redirect loops or browser warnings.
Using an Existing SSL Certificate Through Cloudflare
If you already have an SSL Certificate from Cloudflare, and would like to continue using it, there are a few steps you'll have to take to ensure it is compatible with your Teachable school:
- Log in to your Cloudflare account.
- In the navigation bar, click Crypto.
- In the SSL section, use the dropdown menu to select Flexible or Off. If SSL is set to Full or Full (Strict) there will be a conflict between Cloudflare and your Teachable school.
Troubleshooting SSL Issues
If you see a warning from your browser that indicates that you have too many redirects when you attempt to access your school, you may be experiencing the following:
- Your custom domain has a 301 redirect that is redirecting your URL from HTTPS to HTTP - To fix this, you'll have to disable the redirect in your domain registrar.
- You are using an SSL certificate from Cloudflare that is not configured to be compatible with Teachable - To fix this, you'll have to change some settings in Cloudflare—more information here.
- You have a third-party SSL certificate enabled at the same time as your Teachable-created SSL certificate - To fix this, you'll have to either disable your third-party SSL certificate or disable your Teachable-created SSL certificate. Both cannot be enabled at the same time.