All free subdomains support HTTPS by default through a system-wide SSL certificate. This benefits most people since you no longer need to set up and install your own SSL certificate. However, there are some important limitations to understand when configuring your website for HTTPS.
The www subdomain does not support SSL
The system-wide SSL certificates can only protect direct subdomains, which means www subdomains are not covered. For example: the domain example.ct.ws is protected with SSL, but www.example.ct.ws cannot be protected.
What works: example.ct.ws
What doesn’t work: www.example.ct.ws
Please configure your website to use the URL without the www prefix. If you have existing links or bookmarks using www, consider setting up a redirect from www to the non-www version to preserve your traffic and avoid broken links.
Subdomains of free subdomains do not support SSL
The system-wide SSL certificate can only provide HTTPS to direct subdomains of the reseller domains. Domains like example.ct.ws can be protected, but subdomains like blog.example.ct.ws cannot be protected.
What works: example.ct.ws
What doesn’t work: blog.example.ct.ws
Because of this limitation, creating subdomains of subdomains is no longer available on new hosting accounts. Older hosting accounts may still be capable of doing this, but those subdomains will not be able to have SSL support anymore.
This limitation stems from how wildcard SSL certificates work and cannot be resolved without reverting to individual SSL certificates for each domain, which is not sustainable.
You must still configure your website to use HTTPS
Having an SSL certificate only makes your website capable of using HTTPS, it doesn’t automatically enable it. To properly implement HTTPS, you need additional configuration:
- Configure your website to use HTTPS URLs. Most website software has a setting to determine the website URL. If so, you must configure that to use
https://instead ofhttp://. How you need to do this depends on the website software being used. For WordPress, this is typically in Settings > General. For other CMS platforms or website builders, check their specific documentation for HTTPS or SSL settings. - Redirect all website traffic to HTTPS. After verifying that your website works with HTTPS, you need to enforce the use of it. See this article for more information: How to force all traffic to HTTPS - #12
SSL certificates are available instantly
The system-wide SSL certificates are active by default and applied automatically to all free subdomains. There is no setup process that needs to be done on individual domains or accounts, either manually or automatically. The moment your free subdomain is created, it’s protected with the system-wide SSL certificates.
In other words: if you’re having issues with the SSL certificate, then “waiting for it to be installed” will not help, because there is no such process.