- Why do I need SSL and HTTPS?
- Redirect all traffic to HTTPS
- Frequently asked questions about SSL and HTTPS
SSL is by default enabled for all domains hosted with one.com. Once your domain is using our nameservers, an SSL certificate will be issued and activated for your domain. This means you can always securely access your site over HTTPS.
Why do I need SSL and HTTPS?
HTTPS is the secure version of the "Hypertext transfer protocol" that your browser uses to communicate with websites. It encrypts the connection between your browser and the server so that others cannot change or intercept content when you are, for example, using public WiFi.
You can verify if you are using HTTPS by the closed padlock that is visible in the address bar of your browser.
To use HTTPS, you need an SSL certificate for your domain. The SSL certificate makes it possible to identify your domain, like a passport.
In 2017 Google announced that to make the internet more secure, they want to encourage people to use HTTPS. Part of this plan is to mark HTTP sites as insecure and to reward sites that use HTTPS with SEO benefits and better ranking.
Because of this, HTTPS has become the obvious choice over HTTP.
Redirect all traffic to HTTPS
Visitors can still access your site over HTTP, for example, if they type in the address or click a link that has HTTP. To make sure that they only use HTTPS you can create a redirect, so that when someone, for example, types in http://www.one.com, they get automatically redirected to https://www.one.com.
You do this by adding the following code to a .htaccess file on your web space:
#Rewrite everything to https
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
We have created a step-by-step guide on how to do this: Always use HTTPS on your Website Builder site
For WordPress sites, adding the redirect is not enough because the site often contains mixed content. That's why we recommend installing a plugin called Really Simple SSL. Check our guide for step-by-step instructions: Always use HTTPS on your WordPress site.
Frequently asked questions about SSL and HTTPS
HTTPS isn't working for my site, what's wrong?
After activation, it may take a while for the certificate to work. If it has been more than 24 hours since you started using our nameservers, something else might be wrong. Please contact our support.
What type of SSL certificate do I get with one.com?
By default, you get a free Wildcard SSL certificate from Let's Encrypt. The advantage of this type of certificate is that it can be used with multiple subdomains of a domain and that it's easy to implement.
Can I disable SSL on my domain?
No, that isn't possible. As long as your domain is hosted with us, SSL will be enabled. If you really don't want to use HTTPS, you can redirect all traffic to HTTP. However, we don't recommend this.
Doesn't use HTTPS make my site load slower?
No, not anymore. In the past, this was true, especially on mobile sites, but with the current technology, this is no longer an issue.
Why are images and formatting missing when I use HTTPS on my WordPress site?
That is because your site has mixed content. The links to the images probably use HTTP. Because this is not secure, the content isn't loaded. You can fix this by installing the Really Simple SSL plugin.
Related articles:
