Set up SSL for click tracking


Links in Leanplum emails are redirecting users to a "Your connection is not private" warning page.


(Note that this warning may look different in different browsers.)

What's causing this?

Links generated by Leanplum’s email service provider (ESP) are non-secure (http) by default. Some users may not have a problem with these links. But if their browser is not set to allow mixed content, they may see this error.

How to resolve

To resolve this for all users, Leanplum supports SSL for click and open tracking through our ESP. You can set up SSL for click and open tracking at your link domain, but some additional configuration for SSL keys is required.

SSL (Secure Sockets Layer) is the standard security technology for creating an encrypted link between a web server and a browser, which ensures that all data passed between the web server and browsers remains private.

The flow looks something like this: > DNS CNAME > Web Server over SSL > Forwarding >

Step 1: Choose an SSL setup option

Option 1: Use a CDN service, such as CloudFlare, Fastly, or KeyCDN to manage certificates and keys for your assigned link domain, as well as the DNS CNAME and SSL domain forwarding to

Option 2: Create a custom SSL configuration. These services can then forward traffic onwards to SendGrid so that click and open tracking can be performed. See below for details on SendGrid's custom SSL setup steps. (Please work with your development team to ensure that your server is configured correctly.)

Before creating а custom SSL configuration, you need to know your link branding domain - Email Success team ([email protected]) can assist with this information.

  1. Prepare a proxy (like a web application, NGINX, or Amazon API Gateway) to take all traffic for your click tracking host and forward it to or
  2. Set up the proxy to use HTTP or HTTPS. For HTTPS, provide a valid SSL certificate for click tracking host.
  3. To forward traffic, set the Host HTTP header to domain.
  4. Point the CNAME record to your proxy. For example, CNAME ->


Actual SSL configuration support

The SSL setup is done outside Leanplum, in a 3rd party environment. This is why we cannot provide support on actual setup steps. For support, you should reach out to the CDN/web host of your choice.

Step 2: Inform Leanplum

Once the SSL setup is complete, please email [email protected] or update your existing ticket so that we can test and enable SSL click and open tracking with our ESP. Please note that the SSL setup is not mandatory, but is highly recommended.