Midway through 2018, Google issued an update to Chrome which marks any website address that starts with http:// as "insecure". It's simply part of Google's push towards promoting a more secure web, and doesn't mean your website is doing anything untoward. Their aim is to make as many website addresses as possible start with https://, which is an indicator that the communication between a web browser and the computer hosting the website (the server) is secure, and that the host computer isn't pretending to be something it's not. This is done by obtaining an SSL certificate; this certificate vouches that the server your browser is talking to is legitimate, and it is issued by a trusted authority. (SSL stands for "Secure Socket Layer", but that isn't important here.)

If you're using your own domain name with a Podiant website, you might see a "Not secure" label next to a web address.

"Not secure" label showing in Google Chrome

Again, this doesn't mean that your visitors are at risk, or that your website was any less secure than it was before Google implemented the change. However, there's a way to prevent it from happening, by securing your custom domain with an SSL certificate.

Securing your site with an SSL certificate

Start by following our guide on using Cloudflare to enable your custom domain.

It is essential that you follow the steps under the section headed "The simplest approach: use Cloudflare". Doing this in any other way, using another DNS provider will not work.

Cloudflare settings for the Bitrate podcast

Once your records are setup, you should see a screen similar to the above. If the cloud icons next to the @ and www records is grey, click each one so they turn orange. This is a sign that traffic is now being proxied through Cloudflare's secure infrastructure, and encrypted with a free SSL certificate.

That's the hard part. After a couple of hours, you should be able to type https://<your-domain-name> into your browser, and see your website. If you don't, make sure you've followed the steps exactly, and you've cleared your browser cache.

Redirecting HTTP traffic to HTTPS

The final step is to turn HTTPS on by default. This means that anyone visiting, in our case, http://bitratepod.com will be redirected to https://bitratepod.com, the secure version. To do this, we go back to Cloudflare.

Select the "Crypto" button from the top of your domain page in Cloudflare (it's a blue button with a white padlock). Ensure the "SSL" setting is set to "Full", then scroll down to the setting labelled "Always use HTTPS". It will be off by default, so click the "Off" switch to turn it on, then scroll down to the section labelled "Automatic HTTPS rewrites" and do the same for that switch.

This will ensure that any URL that starts with http://<your-domain> is rewritten to be secure.

Seeing an Ⓘ instead of a padlock, next to the web address?

This is a current limitation with Podiant. All communications are now secure, but Podiant doesn't know that your site uses SSL, and can't assume that it does, so at the moment is using http:// URLs in some places. We'll be rolling out an update to address this, as soon as possible, but you should be able to click the info circle and see a valid SSL certificate, which indicates that the communication between the visitor's browser and our server is secure.
Was this article helpful?
Thank you!