Shopify provides SSL certificates to your store after your custom domain has been properly added. To improve security, SSL certificates encrypt your store's content and publish it securely using HTTPS instead of HTTP.
For example, if your store's URL is
http://www.example.com, it will be updated to
https://www.example.com after Shopify issues SSL certificates. Customers who use the original URL will be redirected to the encrypted online store.
When you add your custom domain, a new SSL certificate is automatically created. This process can take up to 48 hours. During that time, you might see an error that reads SSL Unavailable in your Shopify admin and you might see a security error in your browser when you visit your online store. Learn more about the SSL Unavailable error and steps you can follow to troubleshoot it.
Having SSL certificates on your online store lets you:
- add a new layer of security to your online store by using HTTPS instead of HTTP
- build customer trust by displaying the SSL padlock icon beside your online store's URL:
If your online store displays content (including images, videos, or webfonts) that's hosted somewhere other than Shopify, then you can verify it on the Domains settings page in your Shopify admin to make sure it doesn't invalidate your SSL certificate.
Best practices for SSL content
You can take the following actions to make sure your store's online content stays secure:
- Host all of your online store's content on Shopify or a server that publishes over HTTPS (learn about uploading files to your Shopify admin).
- Host your video content on a service that publishes over HTTPS.
- When using webfonts, make sure they're published over HTTPS from their source.
- Don't use CAA (Certification Authority Authorization) records. If CAA records are required, the following Certificate Authorities must be added to each CAA record: - letsencrypt.org
HTTP Strict Transport Security (HSTS) is a mechanism that forces browsers to access a website with an HTTPS connection only. Using a secure connection in this way prevents certain kinds of network attacks, which helps ensure the safety of your information and your customers' information.
An HSTS policy can be set on a domain for a fixed length of time. Shopify's default length is 90 days.
If you remove a domain or leave Shopify entirely, then this policy will remain in effect on the domain for a further three months, but you won't need to take any additional steps as long as you move the domain to another platform that uses HTTPS.
If you move the domain to a platform that doesn't use HTTPS, then for the next three months after removing the domain from Shopify, anyone attempting to access the site will see an error message in their browser that says the site is not trusted or the certificate is not valid.
If you have additional questions, then contact Shopify Support.
Uppdatering av domänplatskarta
You can manually update your domain's sitemap and notify search engines immediately when your storefront URLs change from HTTP to HTTPS.
Activating SSL certificates for your domain can temporarily affect your website's organic traffic. If you're using webmaster tools to manage your website (like Google Search Console account), then you can manually update your domain's sitemap and notify search engines immediately when your storefront URLs change from
Denna process skiljer sig beroende på vilka webbmasterverktyg du använder.
Google Search Console
- Log in to your Google Search Console account.
- Ange din domän (inklusive prefixet
HTTPS://) i Sökkonsolen och klicka sedan på LÄGG TILL EGENSKAP.
- Klicka på domännamnet som har krypterats med SSL.
- Klicka på Crawl och klicka sedan på Platskarta.
- Klicka på LÄGG TILL/TESTA PLATSKARTA.
- Ange domänens nya
HTTPS-platskarta (till exempel:
- Ta bort domänens
HTTP-platskarta från dess profil.