Flywheel Simple SSL FAQ

Updated on April 19th, 2022

1. What’s the cost for Simple SSL? Is it really free?
2. How does Simple SSL work? How is the certificate generated?
3. Why is Flywheel offering Simple SSL for free?
4. What’s the difference between Simple SSL and a “bring your own” certificate?
5. Will I need to renew my Simple SSL certificate?
6. How can I add Simple SSL to my site?
7. Can I switch from a paid “bring your own” certificate to Simple SSL?
8. How long does Simple SSL take to validate?
9. Can I force HTTPS site-wide with a Simple SSL certificate?
10. If I force HTTPS, will HTTP links still work? Will I need to update anything?
11. I forced HTTPS, but my site is still insecure and I don’t see the padlock icon. Why?
12. Can I get a refund for my 3rd party SSL Support fee if I switch to Simple SSL?
13. Can I add Simple SSL if I haven’t pointed DNS for my domain to Flywheel yet?
14. Can I have Simple SSL and a “bring your own” certificate active at the same time?
15. Can I use Simple SSL on a Staging site?
16. I’m having trouble with validation for Simple SSL. What do I do?
17. Can I install Simple SSL on a WordPress multisite?
18. Is Simple SSL compatible with Cloudflare?
19. Is Simple SSL compatible with Sucuri?
20. If I leave Flywheel, can I take my Simple SSL certificate with me?
21. If I’m using a CDN with custom URLs, can Simple SSL secure my assets?

What’s the cost for Simple SSL? Is it really free?

Yep, it’s really free! Simple, right?

How does Simple SSL work? How is the certificate generated?

Simple SSL certificates are issued by Let’s Encrypt™, a free, automated, and open certificate authority brought to you by the non-profit Internet Security Research Group (ISRG).

We’ve configured our server software to communicate directly with Let’s Encrypt™, validate your cert and install it completely automatically!

Why is Flywheel offering Simple SSL for free?

We believe in the mission of Let’s Encrypt™ to make secure HTTPS encryption available to everyone, and we’re proud to be helping to lead that charge in the managed WordPress hosting world. (In other words, because we want to be awesome.)

What’s the difference between a Simple SSL certificate and a third party certificate?

Simple SSL includes a fully valid SSL certificate you can use to encrypt your Flywheel site. It will work for everything from adding SSL for the slight SEO boost to encrypting customer information on an e-commerce store.

For more information on the specifics of the certificates we’re able to offer with Simple SSL through Let’s Encrypt™, click here.

Third party certificates are purchased by the customer from a certificate vendor (like Comodo or GoDaddy) and are provided to Flywheel for installation. For example, since Simple SSL does not provide OV or EV (Organization Validated or Extended Validation) or wildcard certificates at present, sometimes a third party certificate may better meet the security needs for a site.

Will I need to renew my Simple SSL certificate?

Nope! Although ordinarily Let’s Encrypt™ certificates do need to be renewed every 90 days, we take care of that for you automatically. So once Simple SSL is active, you don’t need to do anything at all. (So simple!)

How can I add Simple SSL to my site?

Easy! you’ll find the Enable SSL button on the Overview tab of your site’s Flywheel dashboard. For a full guide with all the steps, check out this help article: How do I add Simple SSL to my site?

Can I switch from a paid “bring your own” certificate to Simple SSL?

Absolutely! Most sites will be just fine replacing their existing cert with Simple SSL, as long as you don’t need an OV, EV or wildcard cert.

You can edit your SSL settings from the Overview tab of the site’s Flywheel dashboard.

For full directions, see the help article: How do I switch from using my own SSL certificate to using Simple SSL?

How long does Simple SSL take to validate?

As long as your domain is already pointed to Flywheel, the validation should happen automatically within about 10–15 minutes. Otherwise, validation may take up to 48 hours after your domain’s DNS settings are properly configured, though it’s usually much faster.

If your domain isn’t pointed to Flywheel yet, see the help article: How do I validate my domain for Simple SSL?

Can I force HTTPS site-wide with a Simple SSL certificate?

Absolutely! Once the cert is installed and activated, you’ll find the option to Force HTTPS in the Advanced tab of the site’s Flywheel Dashboard.

If I force HTTPS, will HTTP links still work? Will I need to update anything?

If you switch on “Force HTTPS” from the Advanced tab of the site’s Flywheel Dashboard as described above, we’ll redirect all HTTP traffic to HTTPS automatically at the server level. So yes, all HTTP links will still work, and you won’t have to change anything.

I forced HTTPS, but my site is still insecure and I don’t see the padlock icon. Why?

Forcing HTTPS changes the protocol of the overall page load, but it can’t affect certain site files and images. For that, we recommend the SSL Insecure Content Fixer plugin, which should force your existing assets (images and files) to load via HTTPS.

If that alone doesn’t solve the issue, there are likely HTTP links which are coded into the site’s content or files that will need to be updated manually.

You can identify specific assets which are loading insecurely using whynopadlock.com.

Once you know which assets are not loading securely, you can either simply change all instances of “http” to “https” for your site’s local links, or better yet, change all internal links to relative instead of absolute (e.g., instead of “mysite.com/images/picture.jpg”, just use “/images/picture.jpg”).

Note: external HTTP links to third-party services (like Facebook, Google or Twitter) cannot be secured by your site if they are not already HTTPS links, so it won’t be possible to get the green padlock on sites that rely on external, third-party HTTP links.

For more information on fixing insecure content, check out this help article: How to fix insecure content (and get the padlock in your browser’s address bar)

Can I get a refund for my third party SSL Support fee if I switch to Simple SSL?

If you have more than 30 days remaining on your previously paid SSL Support add-on (if you paid annually, for example), we’ll be happy to issue a prorated refund for the remaining time on that subscription. Just contact us in the Flywheel app with that request once you’ve made the switch, and we’ll be happy to help.

We are not able to issue retroactive refunds or refunds for any existing SSL support add-on fees with 30 days or fewer remaining on the subscription. Apologies for any inconvenience.

Can I add Simple SSL if I haven’t pointed DNS for my domain to Flywheel yet?

No, that won’t work. Simple SSL is domain-validated, which means that in order to install a certificate on any given site, the domain needs to be pointing to that site.

To make this process as quick as possible, however, you can lower your domain’s TTL setting prior to going live, to a short duration like 5 minutes. (You’ll want to do this at least as far in advance as the old TTL setting. For example, if the domain’s current TTL is four hours, you’ll need to change it at least four hours before going live.) This will cause changes to propagate more quickly, allowing Simple SSL to be installed as soon after going live as possible.

Can I have Simple SSL and a third party certificate active at the same time?

Sure!

Can I use Simple SSL on a Staging site?

Simple SSL is available for Staging environments on Flywheel Cloud only.

I’m having trouble with validation for Simple SSL. What do I do?

Make sure you’ve taken the site live and that DN S is pointed properly for both the www and non-www version of the domain are pointing to your Flywheel site (just one of the two won’t be enough to validate). You can check your DNS settings using one of our suggested DNS checkers.

If everything looks good but you’re still having issues, make sure Privacy Mode is toggled off in the site’s Flywheel dashboard.

If you’re still having issues with Simple SSL validation, please see How do I validate my domain for Simple SSL?

Can I install Simple SSL on a WordPress multisite?

Absolutely! Please note that while Simple SSL has a multi-domain capability, it does not have wildcard capability at this time. If you have a subdomain style multisite, you’ll need to secure each subdomain individually with Simple SSL.

Is Simple SSL compatible with Cloudflare?

Yes. However, depending on how things are currently set up, you may need to reconfigure the SSL/TLS settings in Cloudflare’s dashboard.

In particular, Cloudflare’s “Flexible” SSL setting can create a redirect error when used in conjunction with Simple SSL. Disabling Cloudflare’s SSL altogether or switching it to the “Full” setting may be needed to ensure there are no conflicts or redirect loops.

For more information on configuring Cloudflare for use with Flywheel, check out this help article: How do I set up Cloudflare on Flywheel?

Is Simple SSL compatible with Sucuri?

Yes. If you’re pointing your domain through Sucuri, please make sure that the Forward Certificate Validation to Hosting setting is enabled. If it is not, this will prevent Simple SSL from validating.

If I leave Flywheel, can I take my Simple SSL certificate with me?

Thanks for the purely hypothetical question. ;) Simple SSL certs are not transferable to other servers, and due to the managed nature of Simple SSL, we do not provide the certificate or key file. However, you may be able to set up a new Let’s Encrypt™ certificate on the new server.