Ensuring your website is secure with SSL (Secure Sockets Layer) is critical for protecting data, maintaining user trust, and meeting the requirements of premium advertising partners. For Cloud Integrated sites, Ezoic provides a suite of tools to manage the handshake between the visitor, Ezoic’s servers, and your origin host to ensure a seamless HTTPS experience.

Note: The SSL settings and tools within the Ezoic dashboard are only applicable to sites using Cloud Integration (Name Servers or Cloudflare). Publishers using other methods manage their SSL certificates directly through their hosting provider or CMS.

SSL configuration at Ezoic is managed through Settings > Privacy > SSL. When a site is integrated via the Cloud, Ezoic acts as a secure node that handles encryption and decryption.

Encryption Levels:

• Full SSL: Ezoic communicates with your origin server via HTTPS. This requires a valid certificate to be present on your host.

• Flexible SSL: Ezoic communicates with your origin server via HTTP (unencrypted), but serves the site to the end-user via HTTPS. This is used if your host does not have an SSL certificate.

• Strict SSL: This requires your origin certificate to be valid, unexpired, and issued by a trusted Certificate Authority (CA).

Steps: 

1. Accessing SSL Settings

1. Log in to your Ezoic dashboard.

2. Navigate to Settings > Privacy > SSL.

3. Click Edit SSL Settings.

2. Name Server Integration (Pre-existing Certificate)

If you already have an SSL certificate installed on your host:

1. Verify that your site is integrated via Ezoic Cloud.

2. In the SSL settings, select Full.

3. If your host does not automatically redirect traffic to HTTPS, you can toggle "Automatic HTTPS Redirect" to ON within the Ezoic dashboard.

3. Name Server Integration (No Pre-existing Certificate)

If you do not have an SSL certificate on your host:

1. In the SSL settings, select Flexible.

2. Add your hostnames (including subdomains) to generate Ezoic Certificates.

3. Once the certificate is generated, verify that the site loads via HTTPS manually before enabling the automatic redirect.

4. Cloudflare Integration

1. Ensure your Ezoic SSL settings match your Cloudflare dashboard (e.g., if Cloudflare is set to "Strict," Ezoic must be set to "Strict").

2. If using Full or Strict, ensure your origin certificate is valid to avoid "526" errors.

Redirect Loops (Too Many Redirects)

• Symptom: The site fails to load, and the browser displays a "Too Many Redirects" error.

• Cause: This typically occurs when both Ezoic (or Cloudflare) and your origin host are attempting to force an HTTPS redirect simultaneously.

• Solution: Ensure the "Automatic HTTPS Redirect" is enabled in only one location. If your host server already forces HTTPS, keep the toggle OFF in the Ezoic dashboard.

Invalid SSL Certificate Warnings

• Symptom: Users see a "Your connection is not private" or "Invalid Certificate Authority" warning.

• Solution: Verify that your origin certificate hasn't expired and is issued to the correct common name. If you cannot resolve host-level SSL complexities, we recommend switching to JavaScript Integration. Because JavaScript integration is more lightweight and operates at the page level, it bypasses DNS-level SSL handshakes entirely, effectively avoiding these types of connection errors.

Mixed Content Warnings

• Symptom: The browser shows a "Not Fully Secure" or "Parts of this page are not secure" warning.

• Cause: The page is loading via https://, but individual assets like images, CSS, or scripts are still being called via http://.

• Solution: Update your internal site links to be protocol-relative (e.g., //domain.com/image.jpg) or explicitly HTTPS.

526 Unauthorized Errror (Cloudflare Integration)

• Symptom: The site displays a Cloudflare 526 error page.

• Cause: This happens when Ezoic or Cloudflare is set to "Strict" SSL, but the certificate on your origin server is invalid or self-signed.

• Solution: Either install a valid, trusted CA certificate on your host or change the SSL setting in both Cloudflare and Ezoic to Full (which allows self-signed certificates).

Does Ezoic provide a free SSL certificate?

Yes. For Cloud Integrated sites (Name Servers or Cloudflare), Ezoic can generate and manage a free SSL certificate for your primary domain and any associated subdomains.

Why shouldn't I enable the "Automatic Redirect" in two places?

If your host and Ezoic both force a redirect, they can get caught in a loop where the host sends the user to Ezoic, and Ezoic sends them back, resulting in a site crash for the end user.

Can I use Ezoic's SSL tools if I am integrated via JavaScript or the WordPress Plugin?

No. The SSL settings in the dashboard are only for Cloud (DNS) integrated sites. Publishers using JavaScript or the WordPress plugin must manage their SSL certificates entirely through their hosting provider.

What is the difference between "Full" and "Strict" SSL?

Full encryption allows for self-signed certificates on your origin server, while Strict requires a certificate from a trusted authority (like Let's Encrypt or Comodo) that matches the requested hostname.

Will changing my SSL settings impact my revenue?

Indirectly, yes. If SSL is misconfigured and your site shows security warnings or becomes unreachable, advertisers will stop bidding and users will leave the site, leading to a sharp decline in EPMV.

What is "Flexible" SSL?

Flexible mode allows Ezoic to communicate with your server via HTTP (unencrypted) while serving the site to the visitor via HTTPS (encrypted). This is useful if your host does not support SSL, though Full is always recommended for better security.

If you need further assistance with your site's SSL, please log in via support.ezoic.com to make use of our dedicated resources for support. We're here to help!