Squarespace Site Not Secure? Your Complete Guide to SSL Issues and Fixes

You’ve spent countless hours designing the perfect Squarespace website. You’re ready to launch, but when you visit your live URL, your browser displays a jarring "Not Secure" warning. It’s a frustrating and common roadblock that can deter visitors and damage your site’s credibility. If you’re wondering, "why does my squarespace say not secure?", you’ve come to the right place.

This comprehensive guide will walk you through everything you need to know about Squarespace SSL issues. We’ll demystify the "Not Secure" warning, explore the common causes behind it, and provide a step-by-step process to fix it. By the end, you’ll have the knowledge to ensure your website is secure, trustworthy, and ready for visitors.

Table of Contents

• What is SSL and Why Does Your Squarespace Site Need It?
• Understanding Squarespace’s Built-in SSL Security
• Common Reasons Your Squarespace Site Shows a "Not Secure" Warning
• How to Fix "Not Secure" Issues on Your Squarespace Website: A Step-by-Step Guide
• Frequently Asked Questions

What is SSL and Why Does Your Squarespace Site Need It?

Before diving into the fixes, it’s crucial to understand the technology at play. SSL stands for Secure Sockets Layer. It’s a standard security protocol that creates an encrypted link between a web server (where your Squarespace site lives) and a web browser (what your visitors use). This encryption ensures that all data passed between them remains private and integral.

You can tell a site is using SSL in two ways:

1. The Padlock Icon: A small padlock appears in the browser’s address bar.
2. HTTPS: The URL begins with https:// instead of http://. The "S" stands for "secure."

Why is this so important?

• Security: An SSL certificate for squarespace protects sensitive information like contact details, passwords, and credit card numbers from being intercepted by malicious actors. This is fundamental to squarespace website security.
• Trust: The padlock icon is a universal symbol of trust. When visitors see it, they feel more confident interacting with your site. A "squarespace site not secure" warning does the opposite, often causing users to leave immediately.
• SEO: Search engines like Google prioritize secure websites. Having an active SSL certificate is a known ranking factor, meaning it can positively impact your site’s visibility in search results.

Overall, squarespace security is a cornerstone of a professional online presence.

Understanding Squarespace’s Built-in SSL Security

A common question is, "is squarespace secure?" The platform takes security seriously, and a major part of this is providing free SSL certificates for all websites, including those on trial plans. If you’re wondering, "does squarespace have ssl?", the answer is a resounding yes.

Here’s what you need to know about the ssl for squarespace:

• Automatic & Free: Squarespace automatically generates and configures a squarespace free ssl certificate for every custom domain and Squarespace-managed subdomain. They primarily use squarespace letsencrypt certificates, a trusted and widely used certificate authority. So, does squarespace include ssl? Absolutely.
• Built-in: You don’t need to purchase or manually install a certificate. This simplifies the process immensely, as does squarespace have built in security that handles this for you.
• Renewal: Squarespace also handles the automatic renewal of your SSL certificate, so you don’t have to worry about it expiring.

Because of this integration, the answer to "does squarespace provide ssl?" and "do squarespace domains come with ssl certificate?" is yes; it’s a core feature of the platform.

Common Reasons Your Squarespace Site Shows a "Not Secure" Warning

If Squarespace provides SSL automatically, then why is my squarespace website not secure? The "Not Secure" message usually isn’t a sign of a platform-wide failure but rather a specific issue with your site’s configuration or domain status. Let’s break down the most common culprits.

1. SSL Certificate is Still Processing: When you connect a new domain or launch your site, it can take time for the SSL certificate to be fully generated and deployed. This process isn’t always instant. If you see "squarespace ssl certificate status processing" in your settings, you simply need to wait. This is the most frequent reason for a temporary "squarespace not secure" message.
2. Mixed Content Issues: This is the most common technical problem. A mixed content error occurs when a page that is supposed to be fully secure (loaded over HTTPS) contains elements—like images, videos, scripts, or stylesheets—that are being loaded from an insecure (HTTP) source. Even one insecure element can cause a browser to flag the entire page. This is a primary reason a squarespace https not secure warning appears. If my squarespace site is not secure, this is the first thing I check.
3. Domain Connection Problems: If your domain isn’t correctly connected to your Squarespace site, the platform can’t issue a valid SSL certificate. This often happens with third-party domains where the DNS records (like A Records or CNAMEs) are misconfigured. A message like "squarespace ssl certificates unavailable" can point to this problem. A faulty connection is a key reason why is my squarespace domain not secure.
4. Browser Cache: Sometimes, the issue is on the visitor’s end. A browser might have cached an older, insecure version of your site. Clearing the browser cache can often resolve the issue for that user.
5. Expired Custom Certificate: While rare, if you have an advanced plan and have configured a custom SSL certificate (not the free one from Squarespace), it could have expired.

If you find your squarespace website says not secure, one of these reasons is almost certainly the cause.

How to Fix "Not Secure" Issues on Your Squarespace Website: A Step-by-Step Guide

Now that you understand the "why," let’s focus on the "how." Follow these steps to diagnose and fix the problem. This is how to make squarespace website secure.

Step 1: Check Your SSL Certificate Status

First, let’s see what Squarespace is reporting.

• Go to your Squarespace dashboard.
• Click Settings > Developer Tools > SSL. (Note: On older personal plans, this may be under Settings > Advanced > SSL).
• Here you will find the squarespace ssl certificate status.

You’ll see one of several statuses:

• Active: Your certificate is working correctly. If you still see a warning, the problem is likely mixed content.
• Processing: The squarespace ssl processing is underway. As mentioned, you need to wait, which can take up to 72 hours.
• Error / Unavailable: This indicates a problem, often with your domain’s DNS settings.

Step 2: Enable Your Security Settings

Squarespace gives you two key settings to enforce security. Ensure they are both turned on.

• In the SSL panel (from Step 1), you’ll see two options under "Security Preference."
• Secure (Preferred): Make sure this is selected. This sets SSL as the default for your site.
• HSTS Secure: Toggle this on. HSTS secure squarespace stands for HTTP Strict Transport Security. It’s a powerful feature that tells browsers to only ever communicate with your site over HTTPS, preventing downgrade attacks. Enabling this helps force https across your entire site.

Following this is the first step in how to make your squarespace site secure.

Step 3: Hunt Down and Fix Mixed Content

If your SSL certificate is active but you still have a squarespace connection not secure warning, mixed content is the likely culprit. This is the most hands-on part of the fix.

• How to Find Mixed Content: The easiest way is using your browser’s developer tools.
  1. Go to the page showing the "Not Secure" warning.
  2. Right-click anywhere on the page and select Inspect or Inspect Element.
  3. Click on the Console tab.
  4. Look for errors that say "Mixed Content." The console will tell you exactly which element (e.g., image.jpg) is being loaded over http://.
• How to Fix Mixed Content:
  • Images: If you uploaded an image directly to Squarespace, it should be secure. If you hotlinked an image from another site using a Code Block (<img src="http://...">), change the URL to https://. If the source doesn’t support HTTPS, you’ll need to download the image and upload it directly to your Squarespace site.
  • Code Blocks & Embeds: This is the most common source of mixed content. Scrutinize any custom HTML, CSS, or JavaScript you’ve added. Look for any links starting with http:// and change them to https://. This includes video embeds, audio players, third-party widgets, and custom fonts. This is a crucial step to secure squarespace website.
  • Custom CSS: Check your CSS for any url() properties that point to http:// resources, like background images or fonts.

Fixing these issues is fundamental to how to secure a squarespace website.

Step 4: Verify Your Domain Connection

If your SSL status shows an error, the problem is likely your domain’s DNS settings. This is especially common for domains purchased from third-party providers like GoDaddy or Namecheap.

• Use Squarespace’s DNS Checker: In your Domains panel, Squarespace will often show a red or yellow warning if your DNS settings are incorrect.
• Check Your Records: Log into your domain provider’s dashboard. You need to ensure your DNS records point correctly to Squarespace. Delete any old or conflicting records. Squarespace provides the exact records you need in the domain connection panel.
• Wait for Propagation: After you update DNS records, it can take anywhere from a few minutes to 48 hours for the changes to propagate across the internet.

Once the connection is solid, Squarespace can successfully issue the ssl certificate squarespace needs.

Frequently Asked Questions

Why does my Squarespace say not secure?
The most common reasons for a "squarespace website not secure" warning are a pending SSL certificate that is still processing, mixed content (insecure HTTP elements on a secure HTTPS page), or incorrect DNS settings for your custom domain preventing the SSL certificate from being issued.

How long does a Squarespace SSL certificate take to process?
Typically, how long does squarespace ssl take is a few hours, but it can take up to 72 hours for a new SSL certificate to be fully generated and deployed, especially after connecting a new domain. If you see "squarespace ssl certificate processing," it’s best to wait for this period to pass.

Does Squarespace provide a free SSL certificate?
Yes. Every website on Squarespace, including those with custom domains, comes with a free and automatic SSL certificate. The question of "does squarespace include ssl certificate?" is a definite yes; it is a core, built-in feature of the platform.

How do I make my Squarespace site secure?
To make squarespace site secure, first ensure your SSL certificate is active under Settings > Developer Tools > SSL. Second, enable both "Secure" and "HSTS" in the SSL panel. Finally, meticulously check for and eliminate any mixed content (HTTP links) in your Code Blocks, embeds, and custom CSS. This is how to secure my squarespace website effectively.

Are Squarespace websites secure?
Yes, are squarespace websites secure is a common and important question. The platform itself is built with strong security measures. With built-in SSL, PCI DSS compliance for e-commerce, and a dedicated security team, Squarespace provides a secure environment for building and hosting your website. User-introduced vulnerabilities, like weak passwords or insecure custom code, are the primary risks to manage.

Why is my Squarespace domain not secure?
If you see a "squarespace domain not secure" message, it usually means the SSL certificate for that specific domain has not been successfully issued. This is almost always caused by incorrect DNS settings at your domain registrar. You must ensure your A Records and CNAME records are pointing exactly as Squarespace requires. Once the domain is properly connected, the SSL certificate can be provisioned.