How SSL Certificates Work on UniLink (Automatic HTTPS for Your Custom Domain)
How SSL Certificates Work on UniLink (Automatic HTTPS for Your Custom Domain)
UniLink automatically provisions and renews SSL certificates for custom domains — here's what happens behind the scenes, how long it takes, and what to do if HTTPS isn't working.
HTTPS is no longer optional. Browsers flag HTTP sites as "Not Secure," search engines rank HTTPS pages higher, and visitors are increasingly likely to leave a site that shows a security warning. UniLink handles SSL entirely on your behalf — once your custom domain is connected and DNS is verified, a certificate is issued automatically with no configuration on your part. This article explains how that process works, what to expect at each stage, and how to resolve the most common HTTPS issues.
What Automatic SSL Does
UniLink uses Let's Encrypt, a free, automated, and open certificate authority trusted by all major browsers. When you connect a custom domain, UniLink requests a certificate from Let's Encrypt for your domain. Let's Encrypt verifies that you actually control the domain by checking that it resolves to UniLink's servers — this is why DNS must propagate before SSL can work.
Once issued, the certificate is installed on UniLink's servers automatically. All traffic to your custom domain is served over HTTPS, and any HTTP requests are redirected to HTTPS. The certificate is valid for 90 days but renews automatically before it expires. You will never receive a "certificate expired" warning on a domain that stays connected to UniLink.
This process is completely hands-off. You do not need to purchase a certificate, install anything, or configure any server settings. The only prerequisite is that your DNS records point to UniLink and have propagated globally.
How to Get Started With SSL on Your Custom Domain
- Connect your custom domain — In your UniLink dashboard, go to Settings → Custom Domain, enter your domain name, and save. UniLink will show you the DNS records you need to create.
- Add the correct DNS records — At your domain registrar, create the CNAME or A record as shown in your dashboard. For SSL to work, your domain must resolve to UniLink's servers. See our DNS configuration guide for provider-specific instructions.
- Wait for DNS propagation — SSL provisioning starts automatically once UniLink detects your DNS records. Propagation typically takes 15–60 minutes. You can track it at dnschecker.org.
- Watch for the "Active" status — In Dashboard → Settings → Custom Domain, the domain status changes to "Active" once DNS is verified and the SSL certificate has been issued. This usually happens 5–15 minutes after DNS propagates.
- Test your HTTPS connection — Open your custom domain in a browser. You should see a padlock icon in the address bar. Click the padlock to confirm the certificate is valid and issued to your domain.
- Check for mixed content warnings — If the padlock shows a warning triangle, you likely have mixed content (HTTP resources loaded on an HTTPS page). Check your page for any HTTP image URLs or embeds and update them to HTTPS.
- No renewal needed — Your certificate renews automatically 30 days before expiry. No action required on your part.
How to Diagnose SSL Issues
- Confirm DNS propagation first — SSL cannot be issued if DNS hasn't propagated. Go to dnschecker.org and enter your domain. You need to see green checkmarks from most locations before SSL can provision.
- Check the certificate details in your browser — Click the padlock (or the "Not Secure" warning) in your browser's address bar → Connection is secure → Certificate is valid. Look at the "Issued to" field. It should show your domain name, not a default UniLink domain.
- Look for mixed content errors — Open your browser's developer tools (F12), go to the Console tab, and reload your page. Mixed content errors appear as warnings like "Mixed Content: The page at 'https://...' was loaded over HTTPS, but requested an insecure resource 'http://...'."
- Test with SSL Labs — Go to ssllabs.com/ssltest and enter your domain. It gives a detailed report including certificate validity, expiry date, and any configuration problems.
- Check Cloudflare proxy status — If your domain is managed by Cloudflare and the proxy (orange cloud) is enabled, Cloudflare serves its own certificate, not UniLink's. This can cause SSL errors. For UniLink to issue its own certificate, set the DNS record to DNS Only.
- Wait up to 30 minutes after DNS propagation — The certificate provisioning process itself takes a few minutes after DNS verifies. If the domain just became active, give it another 15–30 minutes before troubleshooting further.
- Contact support if certificate never issues — If your domain has been showing correct DNS records for more than 2 hours and SSL still hasn't provisioned, contact UniLink support with your domain name and a screenshot of your DNS records.
Key Settings Explained
| Setting | What it controls | Best practice |
|---|---|---|
| Certificate authority (Let's Encrypt) | The trusted organization that issues and signs your SSL certificate | No action needed — UniLink uses Let's Encrypt automatically |
| Certificate validity period | Let's Encrypt certificates are valid for 90 days | Renewal is automatic — UniLink renews 30 days before expiry |
| HTTPS redirect | Automatically sends HTTP visitors to the HTTPS version of your domain | Enabled by default — all HTTP traffic goes to HTTPS |
| Mixed content | HTTP resources (images, scripts, fonts) loaded on an HTTPS page | Ensure all resources on your page use HTTPS URLs, not HTTP |
| Cloudflare proxy mode | When enabled, Cloudflare serves its own certificate instead of UniLink's | Set to DNS Only (grey cloud) unless you specifically want Cloudflare SSL |
http:// URLs to https://. Most CDNs and image hosts support HTTPS today.How to Get the Most Out of SSL on UniLink
The automatic SSL setup covers everything for a standard custom domain connection. However, there are a few things worth understanding to avoid confusion down the road. The most common point of confusion is the difference between a full padlock and a padlock with a warning. A full padlock means HTTPS is working perfectly. A padlock with a warning triangle means HTTPS is active but some resources on the page are loading over HTTP — this is mixed content and while it doesn't break security entirely, browsers flag it and it looks unprofessional.
Mixed content most commonly comes from image blocks where you've pasted an HTTP image URL, custom HTML blocks with embedded content, or third-party widgets that still use HTTP endpoints. The fix is straightforward: find the HTTP resource and update its URL to use HTTPS. If the resource only exists over HTTP and cannot be changed, consider hosting it on a CDN that supports HTTPS.
Another thing to know is that SSL works per domain. If you later add a second custom domain to your UniLink account, the certificate provisioning process starts fresh for that domain. Each domain gets its own certificate, issued and renewed independently. There's no shared certificate or wildcard needed on your part.
Finally, if you ever disconnect a custom domain from UniLink (for example, to move to a different platform), your SSL certificate will no longer renew and will expire within 90 days. The domain's security then depends entirely on wherever you point DNS next. UniLink's certificate is tied to UniLink's infrastructure, not to the domain itself.
Troubleshooting Common Issues
| Problem | Likely cause | Fix |
|---|---|---|
| Browser shows "Not Secure" or "Your connection is not private" | Certificate not yet issued — DNS may not have propagated or provisioning is in progress | Confirm DNS is fully propagated with dnschecker.org, then wait 15–30 minutes for certificate issuance |
| Padlock shows warning triangle instead of full padlock | Mixed content — some page resources are loading over HTTP instead of HTTPS | Open browser DevTools → Console, find mixed content warnings, update those resource URLs to HTTPS |
| Certificate shows issued to wrong domain or shows "unil.ink" | Cloudflare proxy is active and serving Cloudflare's certificate instead of UniLink's | Set your domain's DNS record to DNS Only (grey cloud) in Cloudflare panel |
| Certificate expired warning appears | Domain was disconnected from UniLink and auto-renewal stopped, or DNS changed away from UniLink | Reconnect the domain in UniLink settings or renew via your current hosting provider |
Pros
- Fully automatic — no certificate purchase, installation, or renewal needed
- Let's Encrypt certificates are trusted by all major browsers and operating systems
- HTTP to HTTPS redirect is enabled by default — visitors always get a secure connection
- Auto-renewal 30 days before expiry means your certificate never expires unexpectedly
Cons
- SSL provisioning requires DNS to propagate first — can't be instant
- Mixed content issues from user-added HTTP resources must be fixed manually
- If you use Cloudflare proxy mode, UniLink's certificate conflicts with Cloudflare's own SSL
Frequently Asked Questions
How long does SSL take to activate after I add my DNS records?
SSL provisioning starts automatically once UniLink detects your DNS records pointing to its servers. After DNS propagation (usually 15–60 minutes), the certificate is typically issued within an additional 5–15 minutes. In total, plan for about 30–90 minutes from the time you add your DNS records to when HTTPS is fully active.
Do I need to renew the SSL certificate?
No. UniLink renews your Let's Encrypt certificate automatically 30 days before it expires. The 90-day validity period is a Let's Encrypt policy, but renewal is seamless and invisible to you. As long as your domain stays connected to UniLink with correct DNS records, the certificate will never expire.
What's the difference between a padlock and a padlock with a warning?
A full padlock means your page is fully secure — all resources load over HTTPS. A padlock with a warning triangle means your page has mixed content: HTTPS is active, but some resources (images, scripts, embeds) are being loaded over HTTP. Mixed content weakens HTTPS security and browsers flag it. Fix it by updating HTTP resource URLs to HTTPS.
Can I use my own SSL certificate instead of Let's Encrypt?
UniLink's platform uses Let's Encrypt certificates for all custom domains. Custom certificate upload is not currently supported. Let's Encrypt certificates are fully trusted by all browsers and provide the same level of security as paid certificates for standard HTTPS use.
What happens to my SSL certificate if I disconnect my domain?
When you remove a custom domain from UniLink, the auto-renewal stops. Let's Encrypt certificates are valid for 90 days, so the certificate remains valid until it expires. After expiry, visitors will see an SSL error unless you've set up a new certificate through your new hosting provider.
Key Takeaways
- UniLink provisions SSL automatically via Let's Encrypt once DNS records are verified — no manual steps needed
- SSL typically activates 5–15 minutes after DNS propagation, which itself takes 15–60 minutes
- A padlock with a warning triangle means mixed content — fix HTTP resource URLs in your page
- Cloudflare proxy mode (orange cloud) interferes with UniLink's SSL — use DNS Only mode instead
- Certificates renew automatically 30 days before expiry — you will never need to manually renew
Ready to secure your custom domain?
Connect your domain to UniLink and get automatic HTTPS with no configuration, no certificate purchases, and no renewals to manage.
Get Started FreeCreate Your Free Link-in-Bio Page
Join thousands of creators using UniLink. 40+ blocks, analytics, e-commerce, and AI tools — all free.
Get Started Free