Home > General > Affiliate Marketing Forum

---

How to enable SSL/HTTPS for your campaigns with VOLUUM. (20)

---

Last week, Amy started a thread that showed the possible importance of using secure/httpS links in our campaigns, especially when runnning iOS traffic.

The thread is here : https://stmforum.com/forum/showthrea...ntiom-to-tip-2

So obviously, I wanted to test this myself to see if I can improve my ROI. It took me some time to set everything up, so I decided to sum the necessary steps up in an article, to make your life easier ... should you decide to do the same. I was using Voluum for this, so this tutorial is related to Voluum tracking setup.

LET'S START :

In order for the whole flow to work correctly, all of the steps must use SSL encryption ... the tracking domain, landing page domain, affiliate network tracking domain and the offer domain. If some of the domains isn't secure, the users can get a warning about leaving secure environment and that's not something we want.

Affiliate networks are usually sorted, most of the advertisers use secure links already too ... but these are steps we cannot influence anyways, so just make sure you're working with the right ones.

So there are 2 steps to fix : your tracking domain and your landing page url.

LANDING PAGE DOMAIN FIRST:

This went smooth in my case, I just contacted the hosting provider that is hosting some LPs for me and asked them to activate SSL for the given domains. There is a free SSL certificate provider, that MANY hosts support so I asked about the possibility to use them and it worked … https://letsencrypt.org/

This took literally 10 minutes and didn't require any additional action from me and it's also a free service.

In case your host doesn't support this option yet, you can still handle this on your own, but you will need shell access and it requires some tech knowledge. Most of us are running on managed hosting, so the support should be able to help you with it.

TIP : Erik just wrote an add on for this tutorial, check it out in case you are using CloudFlare or ServerPilot : 2 Dead Simple Ways How to Setup SSL/HTTPS for FREE with CloudFlare/ServerPilot

NOW THE TRACKING DOMAIN:

In voluum, there are 2 ways to handle this : by using custom domains or using a dedicated domain … or a combination of both.

The old system they started with, was using LEGACY domains … those that looked like abdfts.voluumtrk2.com, abdfts.trackvoluum.com … (I made the abdfts string up). But as per their own statement, these are considered to be deprecated soon. The main problem with these is that all voluum users were using the same domains and if some users did some very ugly things, everyone could have been affected.

The replacement will be a DEDICATED domain, so a domain that is just yours to use. Voluum has these pre-registered and you can simply request one to be added to your account. These domains are rather random, with no meaning, which is fine for just a tracking domain, since all they do is redirect to the LP or offer.

Once you have this domain added by their support, there will be a new section added to the domain setup : Dedicated domain. I've put it in a BLUE rectangle on the screenshot below. Now you can request SSL encryption for it, just by clicking a link next to it (I already have it enabled, that's why you see “disable SSL” in the screen). This option is free of charge.

In order for this to work, you need to change the Main domain setting too, it's in red rectangle in the screen. Pick the new Dedicated domain and voluum will automatically change it in all campaign links for you.

TIP: the campaign links will still be regular “http”, so you have to add the “s” yourself. Not sure why they did it this way, but that's how it is … got it confirmed from their support.



The second option is to use CUSTOM domains for this. SSL for custom domains is a paid option, on the PRO plan it costs 49$ per month and it is good for up to 3 custom domains.

Custom domains are domains that you register yourself and you set their CNAME records (on the DNS server) to point to either the LEGACY or DEDICATED domain on your voluum account. Since the legacy domains should be deprecated, I would recommend to request the Dedicated domain too and use it. If you decide to use a current custom domain and also switch to the dedicated domain, don't forget the update the CNAME record.

Again, you have to ask support to turn this (custom domains ssl) option on for you. In order for it to work, make sure you set the right MAIN domain to be used in your campaign links. Custom domains are listed on the same Domain setup page, you can see them in the section in black rectangle on the screenshot.

CHANGE THE FUNNELS:

So now we have a SSL encrypted landing page domain and we can also use https in our voluum links. But there is more to change here, to make sure all works fine.

A. LPs in voluum : you need to edit all affected LP urls in voluum and change them to https.

B. Campaign URLs : you need to grab the updated campaign urls, add the “s” to them and update all related campaigns at the traffic sources.

C: Your LP code : you need to update the code of every single LP you will be using. In case you decided to use just the dedicated domain, you will have to change all the CTA links to the new CLICK url, which will contain the new dedicated domain and don't forget to change the https part too. Even if you stick with the old custom domains, make sure to change http to https on the CTA links.

D: Postback URLs : in case of a domain change, you also need to update the postback. All you have to do is to update the domain and replace it with the new one, the rest of the syntax remains the same.

TIP: When updating postback, make sure to check whether the domain is using the WWW prefix or not and tweak your postback accordingly, otherwise it won't work.

Plan this carefully and do all changes at the same time, some traffic sources will put campaigns on hold and trigger a new review, so make sure all the new domains (if any) are working properly. The bet is to pause the campaigns and edit the funnel first, then relaunch.

Hopefully I didn't forget any important part, let me know if something isn't clear so I can add an explanation.

Cheers,
Matej.

---

Great guide!

If your host doesn't support (free) SSL certificate activations, my preferred option is to run all my domains through Cloudflare for their free SSL certificate.

Cloudflare comes with a bunch of other useful features as well such as CDN delivery, caching, server IP protection, and a whole lot more.

All of that for free, can't really beat that.

---

Yup, the tutorial could use more examples of how to set this up with various hosts or CDNs ... I started with what I was using, but if someone want's to write an add-on for other situations, that would be awesome

That's how we all like it ... I hope Voluum wil reconsider their pricing policy for the custom domains, it's very high IMO.

---

MANY people were asking how to do that on the Advertizer.com tips thread! You da man!


Amy

Sent from my SM-G930W8 using STM Forums mobile app

---

For this I recommend Sublime Text.
There you can just open dozens of landers simultaneously and then search for the links in all landers at once and change them in bulk.
It only takes a minute or so compared to go through it all one by one.

Apart from that, if there is interest I can also open a thread on how to setup SSL/HTTPS for Binom.
It´s 1000x faster and easier than for Voluum.

---

Yup, editing tons of LPs can be a pain ... I've just been through it, but since it was a one time task, I didn't mind all that much.

As for the binom guide, definitely write it if you can find time for that, looks like the that tracker is gaining traction and several STM members are using it already.

---

Indeed it´s a real pain, I had such a situation recently where I had to change stuff on tons of landers.
I already thought about building a bot for it but then I discovered the function in Sublime, was a real timesaver.

Yes, it´s gaining traction and I hope it will get much bigger.
Just updated my tracker today, in the new update they have implemented a check for flagged domains.
Also you can add as many domains as you want to as HTTPS for free on Binom, no additional costs and no additional work, it´s an automated task.
Will write the post tomorrow when I am back online.

---

I'm using AWS and CloudFront. CloudFront supposedly comes with ssl, but I can't figure out how to get it activated. Anybody know how this is supposed to work?

---

Thanks for writing this up Matej!

I decided to write "add-on" on how to set this up on CloudFlare and ServerPilot.

As an extra with these methods you will get SSL for FREE:

2 Dead Simple Ways How to Setup 🔒 SSL/HTTPS for FREE with CloudFlare/ServerPilot

---

I've updated all tracking domains to https but just want to clear one query which's related to conversion tracking

I've postback URL with http in all our affiliate network / advertiser side so I've to update postback URL with https tracking domains or it's not required ?

---

I think you do NOT need to use https postback, shouldn't have any effect on its function if you leave it with http only.

---

Anyone had issues updating SmartCPA campaigns with propeller to HTTPS? Since, tracking link is not something that can be edited, and last time I inquired about this with the support (which was a year ago, for just a tracking domain name change), they said that I will have to resubmit a new campaign. (Meaning loosing optimization costs again).

---

I'm not running anything with propeller now, but can't you just edit the url and wait for it to get approved again ... and that's it?

---

Not for SmartCPA. It has to be re-submitted as a brand new campaign. But I will contact support and see if in these circumstances they can just add an "s" to the links. I will post back here.

---

I see, that's quite a stupid limitation ...

But even if you had to create a new campaign, you should be able to copy the blacklist or at least do it manually in the new camp too ... it's a hassle I know, but it should be doable.

---

Here is the reply I got. Just FYI.

---

Okey, so I am kind of talking out of my ass here, but based on everything that I have read and playing around with CloudFlare, wouldn't this work:

- Route your custom domains in Voluum though CloudFlare as well, with CNAME to your dedicated domain that has SSL enabled for FREE by Voluum.
- Setup all the Page Rules as per instructions in the other thread (Security settings: Off, Cache Level: bypass, Browser Integrity Check: Off)
- Enable "Always use HTTPS: Redirect all requests with scheme “http” to “https”. This applies to all http requests to the zone." in CloudFlare for those domains.

Now campaigns (Like Propeller SmartCPA) where links cannot be changed (Or if user doesn't want to resubmit campaigns for whatever reason, eg to avoid downtime), will be automatically changed to HTTPS by CloudFlare?

Does this kind of make sense or am I way off.

---

No idea if this would work, never used cloudfare so hard to say, BUT ... the initial url that the visit from propeller would be send to, is still going to be the old "http" only, so it's not gonna solve the initial problem. For maximum effect, EVERY single part of the chain has to be httpS.

---

This would require "orange cloud" mode in Cloudflare where they proxy the traffic through their servers.

That's fine and all, but highly likely this will not work on top of Voluum unless their systems are configured to expect such a situation and use headers passed onward by Cloudflare, e.g. forwarded IP of the client and so on.

You can test it but not sure it will work. In the end its a lot of effort to go to when all you need to do is create new campaigns using an https link.

---

Happy to let you know that's no longer the case. Voluum's developed a solution that generates campaign URL using HTTPS if SSL is enabled for the main domain. So now you just need to double check if you use only one type of protocol within the campaign funnel to avoid mixing up the HTTP with HTTPS links.

Karolina

---

Home > General > Affiliate Marketing Forum