HTTPS is a modern encryption protocol that creates a secure connection between your browser and the sites you visit. Our goal is to provide HTTPS (SSL) connections by default for all Docs sites.
SSL connections add an extra layer of browsing security, letting visitors know that data passed through your website is encrypted and unreadable by third-parties. Additionally, SSL connections prove authenticity, letting visitors know that they’re actually viewing your website, rather than a spoofed(fake) domain.
Your browser indicates a secure connection with a green padlock icon, or text that reads“secure” in the address bar. Secure URLs always start with
. For example, when using a custom CNAME, your secure Docs URL will look something like this:
About the Certificate
Docs SSL certificates are free, 90-day, Domain Validated certificates issued by
Let’s Encrypt allows organizations like Help Scout to obtain and manage SSL certificates on behalf of their customers. It’s important to note that Let’s Encrypt only offers Domain Validated(DV) certificates. Using Let’s Encrypt, we’re unable to provide Organization Validation(OV) or Extended Validation(EV) certificates.
Certificate renewals are triggered daily. Certificates due to expire within the next 30 days will automatically renew with a fresh 90-day certificate. There’s nothing you need to do to renew your certificate, and there is no impact to your Docs site when certificates are renewed.
Over the next few weeks, we’re rolling out SSL support for Docs sites in a few distinct stages. There are two dates to keep in mind:
- January 8, 2018: As new certificates are issued, your site(s) will magically start working under HTTP or HTTPS. Either one works.
- February 15, 2018 : All HTTP connections will be redirected automatically to HTTPS.
Stage 1: Enable HTTPS
Valid Docs CNAMEs will automatically receive an SSL certificate from Let’s Encrypt. You’ll see the green padlock and secure URL in your browser’s address bar when visiting your Docs site.
Stage 2: Article Parsing
During this stage, we’ll auto-convert any embedded article links to respect the route the visitor takes when accessing your Docs site. For example, when accessing a Docs site using an HTTP link, the browsing session will remain in HTTP. When accessing a Docs site using HTTPS, the session will remain in HTTPS.
Stage 3: HTTPS by Default
Once deployed, incoming HTTP connections will automatically change to HTTPS connections. This will happen on February 15, 2018 for all CNAMEs, as well as Docs subdomains.
mixed content browser warning
when customers attempt to access the Docs site.
Note: Images uploaded through the Docs editor are HTTPS by default. Videos embedded from most popular video services (YouTube, Wistia, Vimeo) are also HTTPS by default. These assets do not need to be updated.
SSL and Subdomains
HTTPS connections are also supported for Docs subdomains (helpscoutdocs.com). If you're not using a CNAME, you can point customers to the HTTPS version of your Docs site URL. For example: https://subdomain.helpscoutdocs.com. Subdomains will also redirect to HTTPS by default after February 15, 2018.
What happens if our CNAME is updated?
CNAME updates will automatically trigger a new SSL certificate for the new CNAME.
What if I'm using Cloudflare to provide SSL already?
Toggling Flexible SSL off in favor of Full allows CloudFlare to connect to Help Scout over a secured connection. This will prevent Help Scout from generating a redirect in an attempt to secure the connection.