Why does my site have an insecure warning?
When you're taking donations or asking people for personal information, site security is incredibly important. All Raisely sites need to be secured using HTTPS otherwise payments won't work.
Raisely will normally handle all the SSL certificate handling automatically, but there are occasions where something can go wrong and you see this warning.
If you do, don't panic it's just the browser alerting you that something isn't quite right.
To get this fixed, there are two possible situations you may be in:
1. I'm on a raisely.com subdomain (eg. mycampaign.raisely.com)
If you are fundraising on a default Raisely subdomain like mycampaign.raisely.com your site is covered by our wildcard SSL certificate.
A wildcard SSL certificate covers every possible combination before .raisely.com, this is notated by a * meaning - anything (*.raisely.com). So it covers:
- ab123.raisely.com etc.
This means that your campaign is fully secured by default out of the box regardless of what campaign subdomain you choose.
However, our SSL certificate doesn't cover your domain when you add www to the front!
Don't use www in front of your Raisely subdomain
www.a.raisely.com is not covered by our wildcard SSL certificate - our certificate can only cover *.raisely.com - not *.*.raisely.com.
So when you add www to your subdomain, it becomes a sub-sub domain, and since there is no SSL certificate for the sub-sub domain the browser cannot commence encrypted communication and shows a warning.
When you're using a raisely.com subdomain, you can't add www to the start of the domain
Just share mycampaign.raisely.com and you'll be good to go! If you want to also cover the www subdomain for your campaign, you will need to use a custom domain (Add a Custom Domain)
2. I'm on a custom domain (eg. yourdomain.com)
Custom domains are a little trickier. We automatically issue SSL certificates for custom domains, so if you're seeing a warning it may be because your DNS records aren't set up correctly. Double-check your DNS configuration with the Add a Custom Domain article.
Most commonly, it will because by the www CNAME record is not pointing at ssl.raisely.com. Depending on your DNS providers interface, your configuration should look similar to this:
www CNAME ssl.raisely.com
www.yourdomain.com CNAME ssl.raisely.com
If you're not sure or think it should be working please get in touch with us at firstname.lastname@example.org and we can help investigate!
What is HTTPS and why is this important?
In very simple terms, there are two primary ways to communicate with a website:
Communicating over HTTP means the communication between your browser and the webserver is all in plaintext. But you don't just communicate with the webserver directly, your communication is invisibly routed through 100's of routers to reach the webserver.
With the communication in plaintext, it means if a malicious actor was sitting either in your network or anywhere along the chain of communication to the webserver, they would be able to capture and read your communication.
What if you are logging into your bank, you send your account number and password over HTTP - someone could see that! Scary right?
This is exactly why HTTPS is so important and why modern browsers warn you about insecure HTTP connections:
Communicating over HTTPS (note the S at the end) means the communication between your browser and the webserver is encrypted. The way this is done is using an SSL certificate, and once encrypted, no-one but you can read what is sent!
The most widely used encryption standard uses a 2048-bit RSA key. What does that mean in real-world terms? Well, it would take a modern supercomputer around 6.4 quadrillion years to crack - so very secure
Do I need to create/buy an SSL certificate?
We automatically generate and install an SSL certificate for your campaign behind the scenes. You don't need to create/buy an SSL certificate, we do it all for you!
If none of these tips have fixed your security warning, get in touch and we can see what's going on!