Shared SSL is included as part of the HubSpot Website add-on. Alternatively, dedicated SSL or custom third-party certificates can be purchased. If you're interested in these options, please contact your Customer Success Manager. You can also learn more here.
InstructionsThe process for connecting a domain to HubSpot with SSL is very similar to the standard process for taking a domain live on HubSpot, with a few additonal steps. Follow these instruction to enable SSL on a HubSpot website.
Request SSL Access
SSL is included free of charge with the Website Add-On. The number of domains on which you can enable SSL depends on your subscription type:
- Basic - can enable SSL on one domain
- Professional - can enable SSL on four domains
- Enterprise - can enable SSL on eight domains
If you do not meet the criteria for SSL, you can request access by contacting your Customer Success Manager. You'll be notified when you have access and you can then follow the steps in this article to set it up.
Navigate to Domain Manager
To access the Domain Manager, navigate to Content > Content Settings.
Click Domain Manager from the Content Optimization System Tools section of the sidebar navigation.
Add the domain that you would like to connect
Under, HubSpot COS Domains, click Connect domain.
Enter the subdomain that you would like to connect to HubSpot. For each secure domain you connect, a separate SSL provisioning process is required. So if you add three domains, that will require three separate provisioning processes.
Choose content types
Choose the content types that you will be hosting on this secure domain. Alternatively, you can choose to redirect this domain to another connected domain. Please note that, depending on which subscription level of HubSpot you have purchased, there are limitations to the amount of subdomains on which you can host your content.
Enable SSL option
Under the SSL column, click the Enable SSL link for your domain. Please note that you will only see this option if you have the Website add-on or have purchased standalone SSL.
Confirm enable SSL
You will be prompted to begin the provisioning process. SSL provisioning requires the generation of a certificate as well as verification of domain ownership. If you are ready to begin the provisioning process, click Yes.
You'll now see a confirmation that the provisioning process is in progress. Click Email me when it's ready to be notified when your secure CNAME has been prepared.
Return to Domain Manager
You will receive an email letting you know that a CNAME has been created for your domain. Once you receive this email and validate your domain if necessary (see note below), navigate back to Domain Manager. Click Update CNAME next to your domain to move forward in this process.
Please note: if you are adding a domain to HubSpot that was previously hosted elsewhere with SSL enabled, you will need to validate your domain. Follow the process here before completing this step.
Copy SSL CNAME
In the dialog box, you will see the CNAME that has been generated for your domain. Click Copy to copy the CNAME value to your clipboard.
Update CNAME within your nameserver host
Log in to your nameserver host, access the DNS zone file, and edit the CNAME record for the subdomain that you are connecting to HubSpot. You can learn more about this process here, or you can read instructions on updating DNS for various popular registrars.
If you are hosting your entire website with HubSpot, you will need to set up a 301 redirect from the non-www domain to the www subdomain. If your DNS provider does not provide a 301 redirect, please reach out to our Support team and they can help you with a solution.
Verify domain is connected
Return to Domain Manager within 24-48 hours once the CNAME update has propagated. You should see a confirmation message that SSL has been successfully configured for that domain, as well as SSL Enabled next to the domain. You can also check the propagation of your CNAME update by using an external tool like whatsmydns.net.
Review your site for any mixed-content warnings. If your site is loading any assets from external non-secure domains, these resources may be blocked by the browser. You can learn more about resolving mixed-content warnings, here.
Please note that continuing to the next step in this process before your new CNAME has fully propagated could result in your website visitors seeing a security warning in some browsers.
It is initially recommended that you leave the Require HTTPS option turned off. After connecting and testing your SSL domain, validating that the propagation of CNAME changes have completed, and resolving any mixed-content issues, you should then enable Require HTTPS.
To turn on the Require HTTPS option, click Edit to the right of your SSL-enabled domain, check the box for Require HTTPS, and click Save changes.
The Require HTTPS setting ensures that your site can only be accessed using the HTTPS protocol. HubSpot automatically redirects any traffic made over insecure HTTP connections to HTTPS.