Simple SSL on Flywheel

SSL stands for Secure Sockets Layer, and is the technology that keeps internet connections secure and safe from prying eyes. It is used on all ranges of sites, but is particularly useful when doing things like online banking, eCommerce, or any type of internet transaction where personal information is shared.

Simple SSL is Flywheel’s free offering for a secure sockets layer to be added to your site!

The basics of Simple SSL

Flywheel’s Simple SSL feature is a fully automatic 100% free SSL certificate, installed and activated in minutes! 

To make this possible, we’ve partnered with Let’s Encrypt™, a free, automated, and open certificate authority brought to you by the non-profit Internet Security Research Group (ISRG). This allows us to generate, install, activate, and renew certificates for your sites automatically and for free – right from your site’s Flywheel dashboard!

Enable Simple SSL

Follow the steps below to enable Simple SSL on your site!

Step 1: Navigate to the site’s dashboard

1. From the main menu, click Sites.
2. From your site list, click on the site you’d like to enable Simple SSL on.

Step 2: Find the appropriate domain and Enable SSL

1. On the Domains card, hover over the three-dot menu next to the domain you want a certificate for and then select Add SSL Certificate.

Step 3: Select the domains you’d like to secure

1. Select “Yes, use Simple SSL”.
2. Select any or all of the domains by checking the appropriate box. Keep in mind that DNS for every domain selected will need to be pointed properly to the Flywheel site’s IP address, or Simple SSL installation will fail for those domains.
3. You can view the DNS status of each domain on the domain selection screen. For example, in the image below, you can see that the first two domains have been verified by our DNS checker as having been correctly pointed to the Flywheel IP, indicated by the green checkmark.
   

Step 4: Review domains that failed the DNS check

1. Any domains that are not pointed to Flywheel will show an orange warning icon. Double-check the DNS settings for this domain (a DNS checker tool can be helpful), and then click the Check DNS Again button to retry.
   
2. Once you’re satisfied with the results of the DNS check, click that green Complete SSL Setup button, and our system will get to work installing SSL for you!
3. It can take up to 30 minutes to fully install the SSL certificate. You’ll receive an email from Flywheel when your domains are secured.

Step 5: Verify SSL status

1. The SSL Status column will display the certificate type for each domain or the Not Enabled status for domains not yet covered by a certificate.
   
2. A lock and shield emblem will display on your site’s thumbnail image, signifying that the primary domain on the Flywheel site is secured by SSL.
   

Secure a secondary domain with Simple SSL

If you’ve added a secondary domain to your site and you want to secure the domain, Simple SSL has got you covered!

Step 1: Enable SSL for insecure domains

From your domains list, you can edit the Simple SSL certificate to add the domain(s).

1. On your site’s dashboard, navigate to the Overview tab.
2. On the Domains card, locate the secondary domain, hover over the three-dot menu, and select Add SSL Certificate.

Step 2: Confirm the domains you want to secure

You’ll see a list of all the domains on the site and their current SSL status. You can select additional domains here.

1. Check the boxes for the domain(s) you want to secure.
2. Click Complete SSL Setup.

Note

If your secondary domain isn’t pointing to Flywheel yet, you may see this message. Your domain may still be propagating, or you may need to adjust your DNS settings. You can still attempt to complete the SSL setup, but it may fail. Attempts are rate limited to 3 per hour.

Step 3: Sit back and relax while Simple SSL is installed

1. That’s it! You’ll see a message in your dashboard like this:
   Simple SSL usually takes between 20 minutes to an hour to install. If your domain still isn’t secure after that time, try clearing your browser cache, or check your email – if Flywheel was unable to install the certificate, you’ll get a message with next steps.

Simple SSL and eCommerce

Simple SSL provides you with a domain validated SSL certificate issued through Let’s Encrypt™. If you’re wondering whether the level of security and encryption provided by a Simple SSL certificate is sufficient for an eCommerce site: the short answer is, “Yes.”

The long answer, however, is slightly more nuanced.

While the level of encryption that a domain validated SSL certificate offers is sufficient for just about any application, any time that you plan on handling sensitive user information such as credit card or bank account information on your website, it’s advisable to instead purchase an OV (Organization Validated) or, even better, an EV (Extended Validation) SSL certificate from a third-party provider rather than use a domain validated certificate.

There are two reasons for this recommendation:

First, Let’s Encrypt™ certificates do not carry any warranty or guarantees. Generally, OV and EV certificates purchased from third-party providers come with an extensive warranty and often even insurance in the unlikely event that anything goes wrong with the certificate.

Second, OV and EV certs carry a higher level of trust. Since anybody can get a domain validated certificate, these certs don’t do much to prevent spoofing. While they do encrypt user data, they don’t guarantee your users anything about the authenticity of your site or organization.

By contrast, OV and EV certs require much more than just a domain to obtain. There’s actually a strict vetting process that goes along with purchasing these certificates. Your site’s users can put a higher level of trust in your site knowing that it has one of these certificates. This is particularly true of an EV certificate, as it will have the green organization bar in the browser in addition to the standard padlock, such as on Target’s eCommerce site:

Again, just to reiterate: the level of encryption in a domain validated Simple SSL certificate itself is sufficient. Strictly speaking, you don’t need more than a regular domain validated certificate. There are many eCommerce sites that use them. But running a site that handles extremely sensitive user information isn’t a responsibility to take lightly, which is why we recommend the extra layer of security provided with an OV or, ideally, an EV cert whenever possible.

Switch from a 3rd party SSL to Simple SSL

If you have a third-party SSL certificate installed on Flywheel and would like to switch to using our free Simple SSL powered by Let’s Encrypt™, just follow these steps!

1. Remove Third-Party SSL. Head to the Overview tab of the site’s Flywheel dashboard and look for the SSL Certificate area on the right sidebar. Hover over the 3-dot menu and choose the Delete SSL option.
   
2. Enable Simple SSL. On the Domain card, hover over the three-dot menu next to the site’s primary domain and select Add SSL Certificate.
3. Select the domain(s) you’d like to secure. You can select any or all of the domains that appear in the site’s Domains list on the Overview tab of the site’s Flywheel Dashboard. For every domain selected will need to be pointed properly to the Flywheel site’s IP address. You can view the DNS status of each domain on the domain selection screen like the example below.

   Note

   Simple SSL supports up to 50 domain names per certificate. If your site has more that 50 domains (look at you!) please reach out to our friendly Happiness Engineers, we’ll hook you up!
4. Review any domain(s) that failed the DNS check. Any domains that are not pointed to Flywheel will show an orange warning icon. Double-check the DNS settings for this domain, and then click the Check DNS Again button in order to retry.
   
   

   Note

   The DNS checker is not always 100% accurate. For example, if you are pointing DNS via a proxy, like Cloudflare or Sucuri, the Flywheel DNS checker will not be able to confirm that DNS is pointed to Flywheel.If you are confident that DNS is set up correctly, feel free to ignore this warning.
5. Once you’re satisfied with the results of the DNS check, click the Complete SSL Setup button, and our system will get to work installing Simple SSL for you!

Error Messages

If Simple SSL fails to validate, you may encounter one of the following error messages:

These error messages indicate that Simple SSL failed to validate because the DNS for one or more domains is not properly pointed to the site’s Flywheel IP address. Check the domain’s DNS settings and try enabling Simple SSL again.

If you’ve tried enabling Simple SSL on your on site multiple occasions within a short timeframe, you may run into this message on your Flywheel dashboard:

This indicates that the SSL certificate has failed validation 3 times within the last hour, and you’ll simply need to wait another hour before you can try enabling Simple SSL again.

Validations usually fail because the domain name is not correctly pointed to Flywheel. For more information, check out our guides to setting up DNS for your domain.

Let’s Encrypt™, who provides certificates for Simple SSL, imposes these limits. To learn more, click here.

Need help?

If you have any questions our Happiness Engineers are here to help!