Chrome Mixed Content Compatability Guide
Google is planning to release a Chrome update that will automatically rewrite HTTP resources such as images to use HTTPS when they’re loaded on an HTTPS website. One of the impacts of this update is that HTTPS webmail users will have HTTP open tracking images rewritten to use HTTPS.
If you don’t have a valid certificate for a URL Domain, Chrome won’t be able to access the image from GreenArrow securely. This will cause the images hosted by GreenArrow to appear broken in the email, and the open won’t be tracked.
Additionally, any HTTP images in your email content hosted on non-GreenArrow servers that don’t also support HTTPS will be impacted.
You must take action on or before Google releases this update to make sure your emails are not impacted.
We recommend the following configurations for each URL Domain:
-
Add a valid TLS certificate to GreenArrow (required)
-
Enable TLS (HTTPS) URLs (optional, but recommended)
If you already have TLS certificates in place using the existing tools in GreenArrow or if you are not using GreenArrow’s click/open/unsubscribe tracking, then you should not encounter issues with Chrome’s changes. In this case, our recommendation is to take a few moments to verify your configuration, to be sure all of your URL Domains have valid certificates.
We also know that many customers don’t yet have these configurations in place, so we have released two new tools in GreenArrow Engine 4.1.284 and GreenArrow Studio 4.129.0 that allow you to manage this transition more easily.
Automatic TLS Certificate Configuration
GreenArrow can now generate free TLS certificates through Let’s Encrypt automatically. This can be enabled for any valid URL Domains configured in GreenArrow, and it works alongside any of your current certificates that you already have in place.
Automatic TLS certificate configuration is not enabled by default, so follow the steps to configure and enable the feature:
-
Upgrade to GreenArrow Engine 4.1.284 and GreenArrow Studio 4.129.0 or later.
-
Use Let’s Encrypt integration to get TLS certificates for URL domains
If you encounter issues with certificate configuration, then the greenarrow lets_encrypt_status command and HTTP server doc’s Troubleshooting section can be useful for identifying the problem.
Configure URL Domains to Always Use HTTPS
To future proof your open tracking, and improve compatibility with any interfaces that block HTTP content, we recommend using HTTPS for all image URLs. HTTPS can be used for GreenArrow hosted images, as well as all click, open, and unsubscribe URLs by enabling the url_domains_always_use_tls configuration option.
The url_domains_always_use_tls option applies to both SimpleMH and Studio. It’s available in GreenArrow Engine 4.1.284 and GreenArrow Studio 4.129.0 or later.
Non-GreenArrow hosted images
Any non-GreenArrow hosted images in your email content (images hosted by a service other than GreenArrow) may still be impacted by this, even if you have valid TLS certificates on all your GreenArrow URL Domains.
For any images you have hosted elsewhere, you will need to follow the instructions provided by that service provider to make sure they have valid HTTPS service.
We also recommend using HTTPS for all of your images instead of HTTP.