×

Hupspot SSL and Domain Security Guide

/ CRM, Hubspot / By

How to Manage SSL and Domain Security in Hubspot

Securing your website traffic in Hubspot is essential for protecting visitor data, improving trust, and supporting modern browser standards. This guide explains how SSL, security certificates, and domain protection work when you host content on Hubspot, and what you need to do to keep your domains fully secure.

All information in this article is based on the official documentation for SSL and domain security in Hubspot, including default behavior, configuration options, and important technical limitations.

How SSL Works in Hubspot

When you connect an eligible domain, Hubspot can automatically provision a standard SSL certificate at no extra cost. This allows your content to load over HTTPS without requiring you to purchase or manually install certificates in most cases.

Hubspot generates and renews these certificates through supported certificate authorities. Your visitors then see the secure padlock in the browser, and all data between their browser and your Hubspot-hosted pages is encrypted in transit.

Automatic SSL in Hubspot

For most customers, automatic SSL is the default behavior. After you connect a domain and the DNS is correctly configured, Hubspot begins validating domain ownership and issuing the certificate.

Key points about automatic certificates include:

  • Provisioned at no additional cost for eligible domains.
  • Automatically renewed before expiration.
  • Managed entirely by the platform, with no manual file uploads.
  • Used for hosted content like landing pages, blogs, and website pages.

If validation fails, Hubspot will notify you so that you can fix issues such as incorrect DNS records or conflicts with another provider.

Supported SSL Certificate Types

Hubspot uses fully trusted certificates from industry-standard certificate authorities. The platform supports:

  • Domain-validated (DV) certificates for most standard connected domains.
  • Wildcard certificates for certain subdomain structures, when applicable.
  • Automatic coverage for primary and secondary domains hosted on Hubspot.

Extended validation (EV) or organization validation (OV) certificates that show additional identity details in the browser bar are not issued directly within Hubspot. Instead, the focus is on secure encryption and broad compatibility for marketing and website content.

Setting Up Domain Security in Hubspot

Before Hubspot can secure traffic with SSL, you must connect a domain and configure DNS records to point to the platform. This ensures your content is delivered from Hubspot while meeting browser security requirements.

Connecting a New Domain in Hubspot

To connect a new domain, follow these general steps in your account settings (exact labels can vary slightly by product tier):

  1. Go to your domain management or website domains settings area.
  2. Click to connect a new domain for website pages, blog, landing pages, or email.
  3. Select the correct domain type (primary, secondary, redirect, or email sending).
  4. Enter the domain or subdomain you want to use.
  5. Review the DNS instructions generated by Hubspot.
  6. Update your DNS records at your domain registrar according to those instructions.
  7. Allow time for DNS to propagate and for SSL provisioning to complete.

Once DNS is correct and verification is successful, Hubspot begins issuing the SSL certificate automatically. During this period, some visitors may still see HTTP versions until the secure configuration is fully active.

DNS Requirements for Secure Hosting

Hubspot provides specific DNS records that you must add or update at your registrar or DNS provider. Common requirements include:

  • CNAME records for subdomains hosted on the platform.
  • A records or other mappings for root domains, depending on your provider.
  • Removal or modification of conflicting records that point to another host.

Misconfigured DNS can block SSL provisioning, cause insecure warnings, or lead to content not loading. Always ensure that only the records provided by Hubspot are used for the domains you host on the platform.

HTTP to HTTPS Redirects in Hubspot

Once SSL is active, Hubspot can redirect all HTTP traffic to HTTPS. This protects users from accidentally using an insecure version of the page and improves security signals for search engines.

Automatic Redirect Behavior

When a supported domain has a valid certificate, Hubspot automatically serves content over HTTPS. In most typical setups:

  • Typing the domain without a protocol redirects to the secure version.
  • Existing HTTP links are upgraded to HTTPS when possible.
  • Browsers display the secure padlock and https:// prefix.

This automatic redirect behavior simplifies migration because you do not need to configure server-side rewrite rules or load balancer settings yourself.

Managing Additional Redirects in Hubspot

Beyond protocol redirects, you may still need marketing or structural redirects, such as:

  • Redirecting old URLs to new URLs after a redesign.
  • Mapping legacy paths to new content in Hubspot.
  • Consolidating multiple domains or subdomains into a single main domain.

Use the built-in URL redirect tools in your account to manage these changes. They work alongside HTTPS enforcement to provide both security and a consistent visitor experience.

Domain Security Limitations in Hubspot

Although Hubspot provides robust SSL and protocol-level protection, there are important limitations to understand so that you can design your overall security strategy correctly.

What Hubspot SSL Does Not Cover

Platform-managed SSL focuses on traffic between visitors and Hubspot-hosted content. It does not replace:

  • Network security measures such as firewalls and VPNs.
  • Custom application security for separately hosted software.
  • Third-party certificates for infrastructure outside of Hubspot.

If your architecture includes external apps, APIs, or separate servers, you must manage SSL and security for those systems independently, even if they share a brand domain.

Mixed Content Risks

Even with SSL enabled, pages can still show warnings if they load non-secure resources. Common mixed content issues include:

  • Images served over http:// instead of https://.
  • Scripts or stylesheets linked from insecure URLs.
  • Embedded content from external sites without HTTPS support.

To maintain full security in Hubspot, always:

  • Use HTTPS for all external assets where available.
  • Update legacy templates and content to secure URLs.
  • Test key pages in modern browsers to detect any mixed content warnings.

Hardening Your Hubspot Domain Security

Beyond the default SSL configuration, there are additional steps you can take to strengthen your security posture and comply with best practices.

Account-Level Protection in Hubspot

Domain security is only as strong as the account that manages it. To reduce risk:

  • Enable two-factor authentication for all users who manage domains.
  • Restrict super admin and domain settings access to trusted team members.
  • Review user permissions regularly and remove unused accounts.

These measures help prevent unauthorized domain changes that could disrupt SSL or reroute traffic away from your Hubspot content.

Monitoring and Troubleshooting SSL Issues

Keep an eye on domain status so you can react quickly to issues. Common checks include:

  • Verifying that all primary and secondary domains show as secure in settings.
  • Testing site access in incognito windows or multiple browsers.
  • Looking for browser warnings about expired or mismatched certificates.

If you see problems, review your DNS configuration first, then compare your setup to the official guidance. You can reference the original documentation at Hubspot SSL and domain security documentation for the latest supported behaviors and limitations.

Additional Resources Beyond Hubspot

While the platform manages much of the SSL lifecycle, broader web strategy often involves multiple tools and consultants. For advanced implementation, migrations, or multi-domain setups that include external infrastructure, you may want expert help.

You can explore strategy, SEO, and technical consulting services at Consultevo, which provides guidance on aligning web security, analytics, and marketing performance across platforms.

By understanding how SSL and domain protection work in Hubspot, configuring DNS correctly, and monitoring for mixed content and redirect issues, you can deliver a secure, trustworthy experience for every visitor to your hosted pages.

Need Help With Hubspot?

If you want expert help building, automating, or scaling your Hubspot , work with ConsultEvo, a team who has a decade of Hubspot experience.

Scale Hubspot

“`

Verified by MonsterInsights