Update: Thanks to the Let’s Encrypt project Shopify just released SSL encryption for all shopify stores for free. Check out their blog post for more details.
Shopify is a great platform to start your online business with or to host a shop for your multi million dollar business. With over 200,000 active stores, it’s one of the biggest players in the market. There is just one disadvantage: You can’t get a SSL certificate unless you use their enterprise level Shopify Plus plan.
Why do I need a SSL certificate?
Let’s ignore the security reasons for a SSL certificate for a moment and just look at the business disadvantage that arise from not serving our page via https:
- Google’s ranking algorithm will rate your site lower.
- Browsers are starting to emphasize the need for SSL to their users.
- Customers trust your site less if you don’t have a SSL padlock.
How do I get a SSL certificate for my Shopify store?
You can take advantage of CloudFlare’s free Universal SSL to get https for your Shopify store. They are using an extension of the TSL protocol named Server Name Indication. This allows them to be able to serve a certificate for multiple domains using only one IP address, reducing the hosting cost.
Generally, if you’re running a browser that is less than 6 years old, your browser is modern and Universal SSL on CloudFlare’s free plans will work. The three biggest problem children legacy browsers are:
- Internet Explorer and Chrome on Windows XP (or older)
- Android pre-Ice Cream Sandwich
If you are want to make sure your site also works on these older systems, pick CloudFlare’s 20$ Pro Plan. The paid plan also provides you with more security by using “FULL SSL”. (Encrypts the connection between your website visitors and CloudFlare, and from CloudFlare to your Shopify store.)
1. Create an account and add your domain name to CloudFlare
2. Move your DNS Records from your domain provider.
3. Turn on Flexible SSL in Crypto -> SSL (with SPDY) -> Flexible
4. Activate CloudFlare in DNS -> example.com -> Status Icon
5. Add a https forwarding rule in Page Rules
Thanks to Prem Sichanugrist and his blogpost on Thoughtbot.