Portal | Homepage | Blog

Register your interest: SSL cert for your store with site-wide encryption


#13

Hi Mark,

We have it ready to go on our side. We’re waiting on our Content Delivery Network provider (Akamai) to update images.nitrosell.com to be served over SSL. We had expected it to be quick but it now looks like it’ll be middle of August before they can deliver that change.

We’ll update this thread as soon as it is ready.

Thanks,
Donogh


#14

Hi Donogh

Thanks for the update,

Regards

Mark


#15

Hi all,

We are finalising SSL support this week. It will be ready for go live by next Wednesday.

For those of you who have expressed an interest, can you please confirm you’d like to go ahead on the basis of a $199 set-up fee and $29/month? (€179 set-up and €25/month in euro; £149 set-up and £20/month in GBP.)

We will open a ticket on your behalf and go from there.

Regards,
Donogh


#16

Hi Donogh

Yes please count us in.

Mark
Model Railways Direct


#17

Thanks Donogh. We don’t have an issue with the additional fee.


#18

Congrats @jessie, yours is the first non-test store to have SSL enabled!

As you can see, it’s as fast as ever and the entire site is being served over SSL, including the checkout: https://hostelshoppe.com/

For those of you on SSL, our search engine marketing team will be available to help you deploy Google Trusted Stores (US) and Google Trusted Shops (UK). If you are not already in touch with the SEM team, please open a ticket on this subject.

We strongly recommend you enable Google’s Universal Analytics: Google Universal Analytics Integration

And the newer version of Google Maps, which uses an API key and asynchronous JavaScript: Product Update: Google Maps API Key

[For the techies among you:

  • You can see in the source that images are delivered via a https URL on our content delivery network (Akamai): https://images-nitrosell-com.akamaized.net/
  • In fact, nearly all stores’ static content is being served from this secure URL;
  • This change also allowed us to increase the TTL on static content to 24 hours, which means browsers will cache it for longer, improving your site’s page speed for return visitors;
  • It also makes use of E-tags, meaning if the content has changed, browsers will see a changed E-tag and will refresh it (ensuring stale content isn’t served).]

As always, if you require further assistance, don’t hesitate to open a ticket with our support team.


#19

Thank you, Donogh! I will get in touch with the SEM to get the Google Trusted Stores set up. The transition to the full SSL has gone very smoothly! I really appreciate the great customer service.

Best Regards,

Jessie Bostic

Sales & Customer Service, Marketing & IT Manager
Hostel Shoppe
3201 John Joanis Dr.
Stevens Point, WI 54482
800-233-4340 or 715-341-4340 ext. 302
jessie@hostelshoppe.commailto:jessie@hostelshoppe.com


#20

Thank you!

We switched to https on Friday evening and, to be honest, we thought we would have problems. Just the opposite, a smooth switchover, in fact had we not have received an email advising that the switch was about to happen I don’t think we would have noticed!

Thank you to all the team for making the switch such a simple task.

Mark, Model Railways Direct Ltd


#21

You’re very welcome Mark, thank you for the kind feedback.


#22

Just wanted to leave a review of the sitewide SSL process. We had NitroSell activate it on Racks For Cars a few months ago and we are very happy with the implementation!

After giving the NitroSell team the green light, we were up and running with SSL across our site within one business day. There was nothing to do on our end initially, but a few minor things cropped up afterwards that we hadn’t taken into account beforehand.

User experience and SEO benefits

In the past, we would very occasionally get questions from users about why our checkout page was hosted on a NitroSell domain rather than our own. After the SSL switchover took effect, all of our pages appear in the browser address bar as coming from our own domain. Awesome!

For those who might not follow Google that closely, they began using SSL as a ranking signal in 2014-15, and have recently changed the Chrome browser’s address bar to explicitly state whether they consider a site “secure” or “not secure”. The message from them is clear: move to HTTPS as soon as possible.

It is not possible to remove the effects of the SSL certification from our other SEO efforts to view them alone. However, we have noticed important landing pages ranking generally higher after the implementation. Certainly there has been no ill effect.

In Google search engine result pages, our URLs now appear with https in front of them:

Google SERP

On our pages, users of Firefox, Safari, Edge, and Opera browsers will see the lock icon in the address bar on every page of our site. Users of the latest versions of Google Chrome (our biggest user base) see the word “Secure” next to the green lock icon, which can be clicked for expanded results:

Google Chrome address bar

Errors we encountered and how to fix them

When using HTTPS, you must load all resources on a page over HTTPS if you want your page to remain “secure”. Things like images or scripts you might be hotlinking to rather than hosting yourself need to be loaded from an HTTPS site. If a page is loading resources from an address that starts with http://, it will cause the entire page to not be “secure”. In Chrome, this resulted in the standard “circled i” icon appearing instead of the green lock, with expanded results explaining that the page was not secure.

Since almost every resource we load on our site was hosted by us, most pages were fine as long as the resources we had linked to were using a relative address. Resources that we were hosting and linking to that were using the legacy URL format starting with http:// instead of https:// would still load, but would cause the page to not be secure.

Example:

If you load an image but you do so using a legacy http:// absolute URL, your page will be not secure.

<img src="http://www.example.com/images/logo.jpg" />

You can fix this by either using a relative URL that starts with a slash rather than the site protocol and domain, or by using an absolute URL that starts with https to make a page secure.

<img src="/images/logo.jpg" />
<img src="https://www.example.com/images/logo.jpg" />

There is no need to comb through your entire site to find all the places you might be doing this before implementing SSL, as NitroSell automatically forwards requests from legacy http:// URLs to new https:// URLs. You can do the work afterwards and use the green lock icon as the indication that your entire page is fine as you check everything over.

There were a couple of resources being loaded by our NitroSell templates that we needed to manually change. These were all in our blog section and related to Gravatar. Simply changing any Gravatar URL we found from http to https worked to solve the problem and load the resources securely.

Great job NitroSell!

Thanks very much to @donogh and @jbw for their help implementing SSL for us. Everything went super smoothly and we feel it was money well spent. Very recommended for anyone using their NitroSell site to sell to the public.


#23

Thank you Tyler for the feedback and the helpful tips. We’re delighted you’ve had such a positive experience! :slight_smile:


#24

Can we use our own SSL certificate? We’re in the process of renewing our other certificates and could get one for our store.


#25

Hi Matthew, we’re unable to facilitate third-party SSL Certificates. NitroSell operates a software-as-a-service model of delivery and your WebStore is within an automated hosting infrastructure.


#26

Hi,

Has anyone tried implementing the Google Certified Shops program yet - any anecdotal evidence of increased conversion rates or other feedback - be it positive or negative?

@donogh is there a cost to implementing the Google Certified Shops program or does the required integration already exist?

Many thanks,
Emma


#27

Hi Emma,

There is no cost. You can enable it yourself with a webstore config option, search for ‘certified’.

Getting approval from Google is a lengthy process, though. Our SEM specialist, @tomasz_fortuniak, could also assist if you’d like.

Regards,
Donogh


#28

Please add us to your list and sign us up!


#29

@peter_szczepanowski could you get @jk1 set up please, Pete?


#30

@donogh Joyce is already on sitewide SSL since February


#31

Great, thanks Pete, way ahead of me!


#32

I would like to have this feature added to our site. Let me know what we need to do.

Thanks.