Stop MailChimp Forms Breaking Your SSL
We recently re-designed this site, and when we did we also decided to run the site entirely over SSL.
Actually moving our site to SSL was relatively simple, but we’ve found that many web services still struggle to work correctly with SSL.
For example, we found that MailChimp, Feedburner, Amazon, dlvr.it and other RSS services didn’t seem to like any feeds served over SSL. We had to tweak our .htaccess file so that our RSS feed doesn’t use SSL.
This week we found that our MailChimp sign-up form was breaking our SSL In Chrome.
You can see our newsletter form in the sidebar of this site:
It took some testing to solve the problem but we managed to do it.
Inside the default MailChimp form we had code that looked like this:
<form action="http://ostraining.us1.list-manage1.com/subscribe/post?u=c4fe34ed80790dd773846d4e1&id=e030bfa9b8
The obvious solution was to remove the http:// from the URL and replace it with // so that it reads like this:
<form action="//ostraining.us1.list-manage1.com/subscribe/post?u=c4fe34ed80790dd773846d4e1&id=e030bfa9b8
However, by itself that wasn’t enough. By experimenting, we realized that we needed to change the MailChimp URL also. We had to change list-manage1.com to list-manage.com.
Here’s the final MailChimp URL that works behind an SSL in all browsers:
<form action="//ostraining.us1.list-manage.com/subscribe/post?u=c4fe34ed80790dd773846d4e1&id=e030bfa9b8
Update: replace // with https:// so that the form is always secure.
I expect we’ll run into more SSL problems as a relatively early adopter. We’ll try to post solutions as we find them and hopefully services like MailChimp will adapt to make SSL use easier.
Thanks a lot. This was becoming a headache.
You’re very welcome, Hbrow! Glad it was helpful.
Same thing here… thank you for this easy solution
Oh yes. One thousand times yes.
This just saved me hours of fussing.
Thanks so much. Very useful info. Saved me a lot of time. Too bad Mailchimp didn’t have this on their own website, as they should have.
Thanks guys, you made my day 🙂
This worked perfectly. I just switched over to SSL on my site and the Mailchimp form was throwing up an error. Problem resolved.
Exactly the fix I needed. Thank you!
Awesome, thanks for the fix 😉
Thanks for sharing this!
One more tip to add: if your site uses the ‘www’ subdomain, you have to remove ‘www’ from the URL or you will still receive an insecure connection error when the form is submitted.
Thanks for the tip, Ben!
Just wat I was looking for. A simple solution. Thanks so much. You rule!
HI, thanks for the guide but where i supposed to changing it with wordpress?
Hi Patrick,
Wherever the code is being used. If it’s in a plugin, you’ll have to contact the plugin’s developer to report the issue and the fix.
Hope this helps!
Thanks this was very helpful!
Glad it helped, Alonzo! 🙂
Joining the chorus of thanks here. This was a big help.
Cheers joakland 🙂
It’s now considered best practice to specify https:// instead of a “protocol relative” //. A few reasons: specifying https forces https always, which is more secure, and if it works (it does), might as well use it even on non-https websites. If you use //, it’s possible the insecure version http:// can be used… and that’s exactly what happened in my case before I switched to specifying https://
Good point, Joe! I added a note to the article.
Cheers,
Thanx a lot 🙂
Great tutorial!! Thanks
Helpful! Thank you for explaining and updating.
Still works, thx so much!
Hi, i’m still experiencing the same issue over my SSL site. the URL that was generated from mailchimp is https:// and has the “1” removed from the URL.
any suggestions?
thanks