Yes. Mailjet supports enabling the https protocol on open, click and unsubscribe tracking URLs using a simple one-click solution. Mailjet utilizes Let’s Encrypt with HTTP-01 challenges via your existing tracking CNAME record to issue a TLS certificate. This configuration also supports HTTP Strict Transport Security (HSTS).
Customized tracking link
You must first ensure that you have a customized tracking link setup, which you can read about here. In order to utilize HTTPS, you'll also need to ensure your CNAME record is pointing to t.mailjet.com.
Once your customized tracking link and CNAME record are in place, on the same page you'll notice a dropdown for HTTP/HTTPS:
Choose HTTPS from the dropdown. If you wish to update the URLs for images previously uploaded in your templates, ensure that the checkbox is checked and then click Update. (Keep in mind that this will not change existing URLs for campaigns, and this may take some time to update, be sure to not navigate away from the page to ensure this process completes). This will kick off a 3 step process; first we'll generate a Let's Encrypt TLS certificate for your tracking domain, then we'll switch the protocol for your URLs from HTTP to HTTPS, and at the same time, if you've chosen to via the checkbox, we'll update the URLs for your previously uploaded images on your templates. Give it a few moments to complete and then you're all set!
Cloudflare Proxy
If you are using Cloudflare to manage your DNS, you will need to turn off Cloudflare’s proxy for your CNAME record and ensure it's set to DNS only as we use the record to generate the certificate, renew the certificate, and to terminate TLS every time an https link is clicked.
CAA records
If you've published a Certification Authority Authorization (CAA) record for your apex or sub domain, you'll need to ensure it includes issue: letsencrypt.org so that we're allowed to generate a certificate for your subdomain. This record only needs to be at the subdomain level (that matches your track host) if you do not wish to alter this for your apex domain.
FAQ
What happens to my existing http links that were generated prior to enabling https?
Our servers will still listen on port 80 so previous tracking links utilizing http will still work.
What happens to my existing links if https is disabled?
We retain the generated certificate, so the links will still be valid.
Will Mailjet rotate the SSL certificates when required?
Yes, the certificates will be auto-renewed every 60 days, as per the Let's Encrypt recommendation.