Not a week has gone by without this feature request being made, as SSL has become a mainstream requirement for professional websites and applications these days - well I'm glad to announce that it's here!
I've made SSL available to all sites on the Forge platform, regardless of whether it's on a Forge subdomain or a custom domain and regardless of whether you're a paying customer or a free plan user.
Activating SSL is super simple, just follow these basic steps.
1. Login or Sign Up to Forge.
2. Go to one of your sites and click the Settings tab in the main navigation.
3. Scroll down the Settings page until you see the SSL section.
4. Click the checkbox to activate the SSL.
5. Hit Save.
And that is all, I told you. Simple. But wait, there's a little more to it... let's continue.
Our SSL certificates are provided by Let's Encrypt. There are some constraints to the service that we have to manage, mainly around the number of certificates that they can issue per week. Here's how we're handling it during the initial roll out...
1. Getforge.io subdomains
Once we receive your request you are added to a queue that will be processed nightly every 24 hours. So activate today, tomorrow you should be ready to go. If you have a paid Forge subscription, however, we will expedite this and process your request on an hourly schedule. Do use this as an excuse to finally upgrade to a paid account if you haven't already :)
2. Custom domains
These will be processed in a job that runs every hour, so often your certificates will be issued and installed within a few minutes, but could be up to 60. Since custom domains are only available to those with at least one of our paid subscriptions, this is the only way we're handling custom domains right now.
Once your certificate is issued, we'll do the boring work of installing for you. You'll receive an email from us when you certificate is successfully setup.
When you've received that, you're ready to use https...
Prepare Your Site for SSL
1. Redeploy your Site - Once you've received your certificate, the very minimum you'll need to do, is redeploy your site. This is because the Forge Deployment process will automatically manage your asset paths from the CDN to be served over https. This will avoid mixed content issues in the browser that would prevent your assets - like fonts and images - from loading.
Use the Force, Luke...
I'll leave it up to your good judgement if, once you're all setup, you'd like to force all requests to your site to be redirected through https or whether you're happy to accept both types. If you do prefer to force it, and I'd recommend you do, then simply switch on the option in the Site Settings. If activated, Forge will handle the rest for you.