Custom Subscribe Form on https:// domain

I have a site running on an https:// domain. I have a email subscribe form on the site that uses the code generated by Campaign Monitor. The form looks like this:

<form action="" method="post" class="rssEmailSub">
   <input id="fieldEmail" name="cm-itbtjh-itbtjh" type="email" required />
   <button type="submit">Subscribe</button>

Where "MY-DOMAIN-INFO-HERE" is replaced with the correct domain name.

This form works, it allows me to enter an email address, submit the form, and have that email added to the subscriber list.

But Chrome warns me about submitting the data from a secure server to an insecure server.

After searching around, I found this article:

Create an HTML Subscribe Form

specifically this line:

To create a secure, encrypted form you can manually change the form action to use https:// instead of http://

So I changed it to https:// and attempted to fill out the form, and got a page that could potentially be scary to readers. That page had the following:

Your connection is not private

Attackers might be trying to steal your information from (for example, passwords, messages, or credit cards).

Now, since this is a website for a financial institution, a warning like this just won't do. And neither would messages about insecure form submissions.

Does that article need updated? Is there something else that needs done for secure connections?

davidaf davidaf, 2 years ago


Thanks for getting in touch! You might try instead using your * address in your form code:

Our SSL support isn't available for custom domains because we need to own the domain we set up the SSL certificate, but we can offer it for * URLs.

Give this a try and see if it works better for you! If you still have issues, be sure to get in touch with us at support. :)

The Campaign Monitor Blog – HTML email smarts to go with your good looks
jsites123, 2 years ago

Thanks. That was what I needed to fix it. :)

carlmanson, 5 months ago

Hi there,

We white label CM and offer it as an add-on to our clients. Changing the URL to your .createsend address exposes this. Is there a different way to do this where we can keep our domain visible to the client?

Thanks in advance.

See why 200,000 companies worldwide love Campaign Monitor.

From Australia to Zimbabwe, and everywhere in between, companies count on Campaign Monitor for email campaigns that boost the bottom line.

Get started for free