How to get free SSL for your SquareSpace website with CloudFlare

Update January 10 2017: Squarespace now supports SSL for custom domains! There's no need for the shenanigans detailed in this post anymore.

I recently set up SSL for one of my websites which runs on SquareSpace and was amazed by how fast and straightforward it was using CloudFlare - not to mention that it's completely free! Since the only information I could find on this topic is an entry on the SquareSpace help site with some outdated information, I thought I'd document the necessary steps here.

Buckle up!

Step one - sign up to CloudFlare

Pretty obvious, eh? Go ahead and sign up, it's free!

Step two - add your domain to CloudFlare

Don't worry, this won't have any effect on your site yet. You can add your domain to CloudFlare and configure it there, but only when you change the name servers of your domain to point to CloudFlare, your configuration will come into effect.

So go ahead and add your domain. CloudFlare will automatically detect all your DNS records. This is how the configuration looks like for the domain I added:

How to get free SSL for your SquareSpace website with CloudFlare

Ignore the grayed out entries, the important one is the one in the red box. It basically says that should point to Make sure the cloud symbol in the "Active" column is enabled (orange) for this entry.

Important: to make this work, must be linked to your SquareSpace website. Here are the instructions on how to do that.

The entry in the green box makes your "naked domain" ( forward to your www subdomain. Check out my previous post on how this works and why it is a good idea.

After setting up and confirming your DNS records, simply choose the free plan and leave all other settings on the default values. When you come to the screen where you're asked to change the name servers, skip it by clicking on "Websites" in the top navigation. This gives you the chance to finish the rest of the configuration before changing your name servers.

Step three - enable SSL

Click on "CloudFlare settings" next to your domain to configure SSL. CloudFlare offers three SSL configuration options:

  • Flexible SSL - the connection between the user and the CloudFlare server is encrypted but CloudFlare connects to your SquareSpace website via HTTP (non-secure)

  • Full SSL - like Flexible SSL, but CloudFlare also connects to your SquareSpace website via HTTPs (secure)

  • Full SSL (Strict) - like Full SSL, but CloudFlare expects a valid SSL certificate on your SquareSpace website

How to get free SSL for your SquareSpace website with CloudFlare

Flexible SSL is great if you have a website or web app that does not work on HTTPS, because it lets your users access it via HTTPS without you having to touch it.

Since SquareSpace has HTTPS for all * sites enabled by default (check this by navigating to and verify that it works), we should choose Full SSL here. (Full SSL (Strict) would require a SSL certificate specifically for, not *

Step four - change name servers

Now it's time to actually change the name servers of your domain to point to CloudFlare. Go back to the list of your websites and click on "Continue setup >" next to your SquareSpace domain. This will bring you to the screen that prompts you to change the name servers.

To change your name servers, you have to log in to your domain registrar or DNS management service. Google the name of your registrar and "change name servers" if you're unsure how to do so.

Step five - always use HTTPS

Now we should configure CloudFlare to always use HTTPS, i.e. forward all HTTP requests to HTTPS. This makes sure that all users access your site via HTTPS.

To always use HTTPS, create a "Page rule" for your domain:

How to get free SSL for your SquareSpace website with CloudFlare

Enter* (with your actual domain of course) as the URL pattern, enable "Always use https", and click "Add rule"

Important: you need to have changed your name servers first, otherwise the "always use https" option doesn't show up. If you don't see it and just changed your name servers, give it some time (1-2 hours) and try again.

That's it!

Now, should forward to, and all subpages, too.

Enjoy your safe and encrypted SquareSpace site! :)

Discuss this post on Hacker News

Ideas? Constructive criticism? Think I'm stupid? Let me know in the comments!