Set up SSL for click tracking

Set up SSL for click tracking


Links in Leanplum emails are redirecting users to a "Your connection is not private" warning page.

(Note that this warning may look different in different browsers.)

What's causing this?

Links generated by Leanplum’s email service provider (ESP) are non-secure (http) by default. Some users may not have a problem with these links.

But, if a user has already been to the secure domain (https), that user's browser (Chrome, Safari, Internet Explorer) will likely cache the secure page. Once the secure page is cached in their browser, clicking a non-secure link from the email can cause the error page to appear.

How to resolve

To resolve this for all users, Leanplum supports SSL for click and open tracking through our ESP. You can set up SSL for click and open tracking at your link domain, but some additional configuration for SSL keys is required.

SSL (Secure Sockets Layer) is the standard security technology for creating an encrypted link between a web server and a browser, which ensures that all data passed between the web server and browsers remains private.

The flow looks something like this: > DNS CNAME > Web Server over SSL > Forwarding >

Step 1: Choose an SSL setup option

Option 1: Use a CDN service, such as CloudFlare, Fastly, or KeyCDN to manage certificates and keys for your assigned link domain, as well as the DNS CNAME and SSL domain forwarding to

Option 2: Create a custom SSL configuration. These services can then forward traffic onwards to SendGrid so that click and open tracking can be performed. See below for details on SendGrid's custom SSL setup steps. (Please work with your development team to ensure that your server is configured correctly.)

  1. Make sure your link domain is configured to forward to “” from within the web service.
  2. Create and add your SSL certificates to your web server (i.e., nginx-example.conf file).
ssl on;
  ssl_certificate /etc/nginx/ssl/example.crt;
  ssl_certificate_key /etc/nginx/ssl/example.key;
  1. Adjust your server configuration file to handle the Host header (i.e. nginx-example.conf file).
 location / {

   # Forward the Host header, which is used to route requests for
   # static content published from Example apps.
   proxy_set_header Host $http_host;
  1. Lastly, point the CNAME record to your proxy/web server via your domain registrar (e.g.,,, etc.)

Step 2: Inform Leanplum

Once the SSL setup is complete, please email [email protected] or update your existing ticket so that we can test and enable SSL click and open tracking with our ESP.

Did this page help you?