Use AutoSSL and custom SSL certificates

SSL can be enabled for apps using either AutoSSL or custom SSL certificates you provide.

AutoSSL

AutoSSL automates the use of free SSL certificates from Let’s Encrypt.

Add domains to an AutoSSL certificate

To include a domain in an app’s AutoSSL certificate:

1. Add the domain to your app.
2. Configure DNS for your domain to resolve to your server’s IP address.

Enable AutoSSL

To enable AutoSSL for your app:

1. Go to the Apps page in the dashboard and click on the name of the app.
2. Click on SSL.
3. Click on Enable AutoSSL.

With AutoSSL enabled, your app is available over HTTPS.

Using AutoSSL with Cloudflare

For domains using Cloudflare:

• The SSL certificate seen by web browsers will be the certificate provided by Cloudflare.
• The app’s AutoSSL certificate will be used to secure traffic between Cloudflare and your server.

Note

When using Cloudflare, instead of AutoSSL you can use a custom SSL certificate issued by the Cloudflare Origin CA. Certificates issued by the Cloudflare Origin CA are trusted by Cloudflare and are valid for up to 15 years.

To use AutoSSL with Cloudflare, do the following in your Cloudflare account:

1. If you’ve created a Page Rule to redirect HTTP requests to HTTPS, remove the rule. You can configure an HTTP-to-HTTPS redirect in ServerPilot after you’ve enabled AutoSSL.
2. Temporarily change the encryption mode to FlexibleSSL.
3. Create the following Page Rule:
   • URL: DOMAIN/.well-known/acme-challenge/*
   
   - Replace DOMAIN with your domain name.
   - Do not add http:// or https://.
   • Setting: Disable Security
4. Set the origin web server address to the IP address of your server.

Once your AutoSSL certificate includes your domain and you’ve enabled AutoSSL for your app, you can change your domain’s Cloudflare encryption mode back to Full or Full (strict).

Custom SSL certificates

If you already have a private key and certificate, you can directly add your custom SSL certificate without generating a key and CSR.

If you are purchasing a new SSL certificate from a Certificate Authority, you must first generate a key and CSR before your Certificate Authority can issue a certificate.

Add a custom SSL certificate

To add a custom SSL certificate:

1. Go to the Apps page in the dashboard and click on the name of the app.
2. Click on SSL.
3. Click on Add a custom SSL certificate or generate a CSR.
4. Paste your key and certificate into the SSL Key and SSL Certificate fields.
5. Click on Update SSL Key and Cert.

ServerPilot will automatically add the necessary intermediary CA certificates for your Certificate Authority. Alternatively, you can include the intermediary certificates provided by your Certificate Authority in the SSL Certificate field when adding your certificate.

Generate a key and CSR

To generate a key and CSR for a custom SSL certificate:

1. Go to the Apps page in the dashboard and click on the name of the app.
2. Click on SSL.
3. Click on Add a custom SSL certificate or generate a CSR.
4. Paste your key and certificate into the SSL Key and SSL Certificate fields.
5. Click on Update SSL Key and Cert.

Provide the CSR to the Certificate Authority that is issuing your certificate. The Certificate Authority will then issue your SSL certificate.

Redirect HTTP to HTTPS

To automatically redirect requests from HTTP to HTTPS:

1. Go to the Apps page in the dashboard and click on the name of the app.
2. Click on SSL.
3. Click on Redirect HTTP to HTTPS.

The redirect will use a 301 Moved Permanently status code.

HTTP/3 for apps with SSL

If HTTP/3 is enabled for a server, all SSL-enabled apps on the server will support HTTP/3.

See how to enable enable HTTP/3.

Note

HTTP/2 is enabled by default for SSL-enabled apps.