When you’re running a Shopify store, SSL is already done for you. Shopify provisions a free SSL certificate through Let’s Encrypt the moment a domain is connected, renews it automatically every 90 days, and includes it on every plan at no extra cost. The real questions most store owners are searching for are not “how do I add it” but “how do I check it’s working”, “why is mine stuck on pending”, “how do I force HTTPS site-wide”, and “what do I do when the padlock isn’t showing”. This guide walks through all of those, plus what to check when Shopify says your certificate is unavailable.

Key Takeaways
1
Shopify provides a free SSL certificate on every store, every plan, with no setup or renewal needed.
2
SSL provisions automatically once your custom domain’s DNS is pointing correctly at Shopify (usually within 48 hours).
3
Most “SSL not working” issues on Shopify are DNS or mixed-content problems, not certificate problems.

Does Shopify Provide An SSL Certificate?

Yes. Every Shopify store gets a free SSL/TLS certificate, included on every plan from Basic through Plus. The certificate is issued by Let’s Encrypt and managed by Shopify, so you never have to buy one, install one, or renew one yourself. This applies to:

  • Your default your-store.myshopify.com domain (always secured automatically the moment the store is created)
  • Any custom domain you connect (secured automatically once DNS is pointing correctly)
  • Your checkout pages (always served over HTTPS on Shopify’s infrastructure)

You don’t need to buy an SSL certificate from a third party. In fact, Shopify doesn’t let you bring your own. The platform issues and manages the certificate for you, which is the whole point of using a hosted commerce platform like Shopify rather than running your own server.

Shopify SSL Certificate Requirements In 2026

There are no requirements to enable or pay for SSL on Shopify itself. The only thing required from the store owner is that the custom domain is correctly pointed at Shopify so the platform can issue the certificate. Specifically:

  1. Your domain’s A record for the root domain (yourdomain.com) points to Shopify’s IP 23.227.38.65.
  2. Your domain’s CNAME for www points to shops.myshopify.com.
  3. You’re not using “domain forwarding” at your registrar. Forwarding masks the domain and prevents Let’s Encrypt from validating it. Actual DNS records are required.
  4. Your domain has no CAA record that excludes Let’s Encrypt. If you have a CAA record set, it must include letsencrypt.org.

If those four things are true, Shopify will provision the certificate automatically. Usually within minutes, sometimes up to 48 hours.

What Is SSL And Why It Matters For Your Store

SSL (the underlying protocol is now technically TLS, though almost everyone still calls it SSL) is the standard for encrypting traffic between a shopper’s browser and your store’s server. It does three things that matter for an ecommerce store:

  • Encrypts checkout data so credit card numbers, addresses, and login credentials can’t be read in transit.
  • Signals trust visually through the browser padlock and the https:// prefix. Shoppers have been trained to look for the padlock before entering payment details.
  • Affects search rankings. Google has used HTTPS as a small ranking factor since 2014 and treats unsecured pages as lower-quality in the search index.

For a store that takes payments, SSL isn’t optional. It’s a baseline platform requirement that Shopify handles for you.

How To Check Your Shopify SSL Status

To confirm SSL is active on your store, check in two places.

Inside the Shopify admin:

  1. Open your Shopify admin and go to Settings > Domains.
  2. Find your custom domain in the list.
  3. Look for the green SSL certificate indicator next to the domain name. A green check means the certificate has been issued and is active.
  4. If you see “SSL pending” or “SSL unavailable”, the certificate hasn’t been issued yet. See the troubleshooting section below.

In the browser:

  1. Open your storefront in Chrome or Safari.
  2. Look at the address bar. You should see https:// in front of your domain and a closed padlock icon to the left of it.
  3. Click the padlock and choose “Connection is secure” or “View certificate” to confirm the certificate is valid and issued by Let’s Encrypt.

If both checks pass, your Shopify SSL certificate is working as expected.

Force HTTPS Across Your Store

Shopify automatically redirects every page on your storefront from http:// to https:// once SSL is active. This happens at the platform level, so you don’t need to add any redirect rules yourself. Visitors who type http://yourdomain.com will land on the secured version every time.

What this means in practice:

  • You can’t disable the HTTPS redirect on Shopify (and you shouldn’t want to).
  • Internal links inside your theme should use protocol-relative or HTTPS URLs to avoid mixed-content warnings even though Shopify will redirect them.
  • External backlinks pointing at http:// versions of your pages will still pass authority through the redirect, so older inbound links remain useful after SSL goes live.

How Long Does Shopify SSL Take To Activate?

For most stores, SSL activates within a few minutes of connecting a custom domain. The outer bound is 48 hours, and Shopify’s admin will display “SSL pending” until the certificate has been successfully issued. Three things affect how long it takes:

  1. DNS propagation. If you just changed your A or CNAME records, they need to propagate globally before Let’s Encrypt can validate the domain. This is usually under an hour but can take longer depending on your registrar’s TTL.
  2. Whether DNS is correctly configured (see the requirements above). If the records are wrong, the certificate will never issue, no matter how long you wait.
  3. Whether there’s a CAA record blocking Let’s Encrypt. If so, the certificate request will be rejected immediately and stay “pending” indefinitely.

If you’re past the 48-hour mark and still seeing “SSL pending” or “SSL unavailable”, the issue is almost always one of the DNS configuration problems below, not a Shopify or Let’s Encrypt outage.

Troubleshooting: Shopify SSL Pending Or Unavailable

This is the most common SSL question on Shopify, and the fix is almost never on Shopify’s side. Work through these checks in order.

1. Verify Your DNS Records

Open your domain registrar and confirm:

  • A record for @ (the root) points to 23.227.38.65.
  • CNAME for www points to shops.myshopify.com.
  • There are no other A records for the root domain pointing somewhere else.

Use a tool like dnschecker.org to verify the records are visible globally, not just from your own machine.

2. Check For Domain Forwarding

If your registrar is “forwarding” the domain instead of pointing DNS at Shopify, the certificate will never issue. Forwarding hides your domain behind an HTTP redirect, and Let’s Encrypt can’t validate a domain that doesn’t resolve to the actual Shopify server. Disable forwarding and replace it with proper A and CNAME records.

3. Check Your CAA Record

A CAA (Certification Authority Authorization) record tells the world which certificate authorities are allowed to issue certificates for your domain. If you have a CAA record that doesn’t include letsencrypt.org, Let’s Encrypt will refuse to issue, and Shopify’s certificate request will fail silently. Either remove the CAA record entirely (most stores don’t need one) or add letsencrypt.org to the list of permitted issuers.

4. Disconnect And Reconnect The Domain

If everything looks correct but the certificate is still stuck after 48 hours, remove the domain from Settings > Domains and reconnect it. This triggers a fresh certificate request and clears any cached failure state on Shopify’s side.

5. Contact Shopify Support As A Last Step

If you’ve confirmed all of the above and the certificate still won’t issue, open a Shopify support ticket. Include the exact text of the admin error, screenshots of your DNS records, and the result of dig yourdomain.com. Support can manually trigger a reprovision from their side.

Fixing Mixed-Content Warnings

A “mixed content” warning means your page is served over HTTPS but loads at least one asset (image, script, stylesheet, embed) over plain HTTP. The padlock will turn into a warning icon, and some browsers will block the insecure resources outright. To fix it:

  1. Open the page in Chrome and press F12 to open DevTools.
  2. Click the Console tab and look for any “Mixed Content” warnings. Each one names the exact URL of the insecure resource.
  3. Track the URL back to its source. It’s usually a hardcoded http:// link inside a theme file, a product description, a blog post, or a third-party app’s embed code.
  4. Edit the source to use https:// instead, or change it to a protocol-relative URL (//example.com/image.jpg).
  5. Reload the page and confirm the padlock is back.

Most mixed-content warnings on Shopify come from old product images uploaded before SSL was enabled, or from third-party embed codes (analytics scripts, chat widgets, video players) that still use HTTP URLs. Updating the source fixes them permanently.

Is The SSL Certificate Included In Every Shopify Plan?

Yes. SSL is included on every Shopify plan, including the entry-level Basic plan, the standalone Shopify Starter plan, and Shopify Plus. There is no upgrade required and no add-on to purchase. The certificate is the same Let’s Encrypt domain-validated certificate across every plan, and the renewal cadence is identical.

Should I Use A Third-Party SSL Certificate On Shopify?

You can’t, and you wouldn’t want to. Shopify doesn’t support uploading or installing third-party SSL certificates. The platform manages SSL at the load-balancer level for every store on its infrastructure, which is why it can offer it free and renew it automatically. If you’re moving to Shopify from a platform where you paid for an SSL certificate, you can cancel that subscription. Shopify’s built-in certificate covers everything it did and costs nothing.