
We have a couple of marketing sites hosted at Squarespace that don't require the use of SSL. However, if a user accidentally types in https, or a browser plugin forces HTTPS when browsing to our domain, they are presented with an invalid certificate warning. This happens because Squarespace supports custom domains but does not support uploading SSL certificates for custom domains. I inquired if Squarespace could handle the SSL rewrite as a support request, but this is not an option.

To avoid SSL warnings, our solution was to proxy the HTTPS connections and pass the requests on to our Squarespace site as HTTP. You still need to terminate the SSL connection with a valid certificate. We used an EC2 micro instance running nginx with SSL termination to accomplish this.

This is a rough outline of the steps. 

Warning: I would not recommend proceeding without some knowledge of EC2, Ubuntu, nginx, DNS, SSL, certificates, and general networking.

Instructions are based on Ubuntu 12.04.

  1. Create or acquire an SSL certificate for your custom domain (we use DigiCert (free plug)). Instructions to generate the CSR and obtain the public cert are typically on the provider's site.
  2. Create an Ubuntu micro instance (everyone receives 1 free EC2 micro tier instance a month for 1 year).
  3. Assign the instance an Elastic IP (i.e. a static IP).
  4. Verify the instance is open to 80, 443, and 22 (you may need to modify the EC2 instance security group to do this)
  5. SSH to the instance
  6. Update the repository packages
  7. Update the server 
  8. Install nginx
  9. Disable the default site (Ubuntu specific): sudo rm /etc/nginx/sites-enabled/default
  10. Create a new config file (substituting your domain name in the server_name directive): sudo vi /etc/nginx/sites-available/squarespace_redirect (or w/e) and copy in the config below.
  11. Copy the SSL certificate and private key to the locations specified in the ssl_certificate and ssl_certificate_key directives.
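
    server {
        # Terminate SSL here with the certificate for the custom domain
        listen 443 ssl;
        ssl_certificate /etc/nginx/ssl/server.crt;
        ssl_certificate_key /etc/nginx/ssl/server.key;
        server_name your_custom_domain.com;

        location / {
            proxy_redirect off;
            # Tell the backend the original client address and scheme
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            # Pass through the Host header the browser sent
            proxy_set_header Host $http_host;
            proxy_set_header X-NginX-Proxy true;
            # Talk HTTP/1.1 to the backend and clear the Connection header
            proxy_set_header Connection "";
            proxy_http_version 1.1;
            # Forward to the Squarespace site over plain HTTP
            proxy_pass http://65.39.205.57;
        }
    }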

  12. Link the new config file: sudo ln -s /etc/nginx/sites-available/squarespace_redirect /etc/nginx/sites-enabled/squarespace_redirect
  13. Restart nginx
  14. Verify 80 and 443 are listening (netstat or w/e)
  15. Modify your public DNS A record to point to the Elastic IP set earlier.
  16. Wait for the DNS change to propagate.
  17. Lastly, document your setup (trust me, don't be THAT guy)
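
A tightened variant of the server block above, as an added example rather than the author's configuration. It also answers on port 80 (step 14 expects it to be listening, and plain-HTTP visitors reach this instance once the A record moves), and it refuses requests for any other hostname, which the single-block config would forward with the client's Host header. The catch-all block, `$host` in place of `$http_host`, and the `ssl_protocols` value are assumptions, not from the original post.

```nginx
# Added example, not the original post's config. The domain placeholder,
# certificate paths and backend address are the ones used in the post.

# Catch-all: with only one server block, nginx treats it as the default and
# proxies requests for ANY Host header. This block takes the default role
# and drops everything that is not addressed to the custom domain.
server {
    listen 80 default_server;
    listen 443 ssl default_server;
    server_name _;
    ssl_certificate     /etc/nginx/ssl/server.crt;
    ssl_certificate_key /etc/nginx/ssl/server.key;
    ssl_protocols       TLSv1.2;   # assumption: no legacy clients to support
    return 444;                    # nginx-specific: close without a response
}

server {
    listen 80;                     # plain HTTP visitors, proxied unchanged
    listen 443 ssl;                # HTTPS visitors, TLS terminated here
    server_name your_custom_domain.com;

    ssl_certificate     /etc/nginx/ssl/server.crt;
    # Keep the key readable by root only (chmod 600); the nginx master
    # process reads it as root before the workers drop privileges.
    ssl_certificate_key /etc/nginx/ssl/server.key;
    ssl_protocols       TLSv1.2;   # assumption, as above

    location / {
        proxy_redirect off;
        proxy_http_version 1.1;
        proxy_set_header Connection "";

        # $host is the hostname nginx matched against server_name
        # (lowercased, no port), not the raw client-supplied header.
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-NginX-Proxy true;

        # The backend leg is still plain HTTP, as in the post: only the
        # browser-to-proxy hop is encrypted.
        proxy_pass http://65.39.205.57;
    }
}
```

Run `sudo nginx -t` before restarting so a syntax error or an unreadable key file is caught while the old configuration is still serving.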
