Ensuring your paper uses https – Paper.li Support

Screen_Shot_2017-11-07_at_10.09.11_AM.png

What is https?

Https is the secure version of http, and is the protocol over which sensitive data is sent between your browser and the website to which you are connected. Https used to be used to protect and encrypt highly confidential online transactions like online banking and online shopping forms, but it is now increasingly being recommended generally whenever a visitor enters any data (such as an email when subscribing) in a website.

In order to ensure a secure connection, when you request a https connection to a webpage, the website will send its SSL certificate to your browser. This certificate contains the public key needed to begin the secure session.

Beginning in October 2017 with Google's newest version of Chrome (v. 62), Google is leading the trend towards insisting on encrypted communication between browser and website by becoming more aggressive with their warning messaging for http sites. Any sites using http that include a form where the visitor enters data (such as an email) will show a "not secure" message in the address bar.

Image/GIF Source: Is HTTPS Good for SEO?

Papers on the paper.li domain

Example https://paper.li/yourname/numbers

All papers on the paper.li domain automatically use https, so no action is needed to ensure https protocol is used.

Papers on a custom domain

Once you set up your custom domain, we no longer have a matching SSL certificate, so are not able to return the public key to begin the secure https session. Our SSL certificate works only on paper.li domains.

For users who would nevertheless like to use https protocol on their custom domain, we support SSL encryption but the solution requires that the domain be configured through https://www.cloudflare.com/ssl

Signing up and adding your new custom domain to cloudflare is free (for a single site).

The setup is incredibly easy.

1. You must first set up your custom domain with paper.li and ensure that it's functional before adding your site to Cloudflare.

Once you add your site to Cloudflare, your IP address is masked and Paper.li is unable to confirm that you are using the paper.li IP address.

2. Once you've ensured your custom domain is functional with paper.li on http, sign up with Cloudflare and give them your new domain name. They will scan it and add it to their service. The whole process takes just a couple of minutes (though it can take up to 24 hours for the SSL to take effect).

3. Once the setup in cloudflare is complete, to ensure that the site always uses https:

Under the Cloudflare Crypto tab:

Under the SSL section, set SSL to "flexible" in the dropdown menu.

Screen_Shot_2017-11-14_at_10.42.35_AM.png

Under "Always use HTTPS", turn toggle to ON

Screen_Shot_2017-11-14_at_10.42.21_AM.png

If you have any custom code installed in header, footer, and/or ad units, verify that all URLs referenced in your custom code are using https.

Troubleshooting

Once you have added your site to Cloudflare and it is active, we are unable to provide support on the configuration of your DNS settings, since DNS records are no longer visible to us.

If you need to temporarily deactivate Cloudflare, so that we can confirm your DNS records, you can do so following these Cloudflare instructions. Pausing Cloudflare temporarily allows us to confirm that your DNS records are correctly created without removing all Cloudflare settings and starting over.

Related articles