When SSL Click Tracking is enabled on a user account, this does not enable tracking on any sub-users. Sub-user accounts must enable SSL Click Tracking separately. Additionally, SSL Click Tracking is not enabled on a per-branded link basis. Users must setup a proper SSL configuration for all the branded links you have on a user account. This guide walks through some useful steps necessary when enabling SSL Click Tracking on an account.
Create an SSL Certificate
Twilio SendGrid can’t setup an SSL Certificate for you, but we do have documentation on 3 major Content Delivery Networks (CDNs). CDNs are a great option for handling security certificates for you, while quickly and easily serving content across multiple mediums. You may also check here for the steps for a custom SSL configuration.
For details on the actual creation and hosting of a SSL certificate, we recommend users reach out directly to their CDN/DNS provider. It is also important that the CDN then forwards all traffic on to sendgrid.net so we can ingest tracking details and resolve links to the correct location.
Point Link Branding domain to SSL certificate
Now that this SSL certificate is created you can now forward traffic to this cert. Just as you pointed the Link Branding CNAMEs:
sub.domain.com -> sendgrid.net
You can edit the DATA portion (sendgrid.net) in the domains DNS to point to the CDN handling your domains SSL certs. Only the first CNAME from the branded link needs to point to the CDN you are using.
Let SendGrid Support know you want SSL Click Tracking turned on
Before we can enable SSL Click Tracking, we have to ensure the following:
- The Link Branding is assigned to the user account you are requesting SSL Click Tracking on
- The Link Branding is pointing to your CDN, and not pointing at sendgrid.net.
- The Link Branding domain is terminating in a SSL connection correctly
Once SSL Click Tracking is enabled, you can check if SSL is terminating correctly by sending a test through your SendGrid account and including an HTTPS link to see if it resolves correctly. Alternatively, you can test your SSL connection at https://www.ssllabs.com/ssltest/
Content Delivery Networks
Content Delivery Networks are a great mechanism that you can use to serve up content very quickly and easily across multiple mediums as well as handle security certificates for you.
We suggest CloudFlare, Fastly, or KeyCDN when using Content Delivery Networks with SendGrid.
Using CloudFlare
The following instructions assume you already have a CloudFlare account made, using either a Full DNS setup or a CNAME setup. You can compare the 2 different setups here. Note that a CNAME setup is only available to Business or Enterprise level CloudFlare plans.
The instructions also assume that you have set up a valid branded link on your account. This step is essential for the following instructions to work.
Begin by logging into your CloudFlare account, and navigating to the DNS settings for your domain.
Add a new CNAME entry that points your configured branded link domain to sendgrid.net.
Once the record is created, click on the cloud icon under the Status column to turn it orange and enable HTTP proxy.
Next, navigate to the Page Rules settings for your domain. You will need to create a Page Rule for your branded link domain that sets SSL to Full. This is necessary due to how CloudFlare validates the certificate on the origin. You can find more information on the different SSL options here.
Ensure that the Page Rule is On.
If you are using a CNAME setup, you will also need to change DNS to point to the CloudFlare CNAME you created.
Once all of this is done, you will need to contact SendGrid support and request that SSL click and open tracking be enabled on your account. They will then verify the configuration and enable the setting on your account.