SSL Certificates¶
SSL certificates encrypt the connection between the browser and the web server and are standard for every website today. enconf supports automatic SSL certificates via Let's Encrypt as well as the installation of custom certificates.
Overview¶
You can see the SSL status of your domains in the domain management:
| Status | Description |
|---|---|
| Active (Let's Encrypt) | Automatic certificate — renewed automatically |
| Active (Custom Certificate) | Manually uploaded certificate |
| Inactive | No SSL certificate configured |
| Expired | Certificate has expired — must be renewed |
Let's Encrypt (Automatic)¶
Let's Encrypt issues free SSL certificates that are renewed automatically.
Enable SSL¶
- Navigate to Domains
- Click on the desired domain
- Click Enable SSL
- The system:
- Checks whether the domain points to the server via DNS
- Requests a certificate from Let's Encrypt
- Configures Nginx for HTTPS
- Sets up automatic renewal
DNS Must Be Correct
The domain must point to your server's IP address via an A record (and/or AAAA record). Otherwise, Let's Encrypt cannot issue the certificate.
Automatic Renewal¶
Let's Encrypt certificates are valid for 90 days. The system renews them automatically before they expire — you do not need to do anything.
Renewal is handled by the certbot.timer service, which regularly checks whether certificates are about to expire.
HTTPS Redirect¶
After enabling SSL, an HTTPS redirect is automatically configured. All HTTP requests (port 80) are redirected to HTTPS (port 443).
Install Custom Certificate¶
If you want to use your own certificate (e.g. wildcard, extended validation, multi-domain):
- Navigate to Domains
- Click on the desired domain
- Click Install Custom Certificate
- Paste the following data in PEM format:
| Field | Description |
|---|---|
| Certificate | The SSL certificate (starts with -----BEGIN CERTIFICATE-----) |
| Private Key | The private key (starts with -----BEGIN PRIVATE KEY-----) |
- Click Install
Intermediate Certificates
If applicable, paste the intermediate certificate (CA bundle) directly below your server certificate in the same text field.
Disable SSL¶
- Navigate to Domains
- Click on the desired domain
- Click Disable SSL
- Confirm the deactivation
After deactivation:
- The website is only accessible via HTTP
- The HTTPS redirect is removed
- The certificate is removed from the server
Impact on Visitors
Search engines and browsers prefer HTTPS. After deactivation, visitors will see security warnings when accessing the website via https://.
Check Status¶
To check the SSL status of a domain:
- Navigate to Domains
- In the SSL column you can see the current status
- Click on the domain for details:
| Information | Description |
|---|---|
| Issuer | Who issued the certificate (e.g. Let's Encrypt) |
| Valid Until | Expiration date of the certificate |
| Domains | Which domains the certificate covers |
| Auto-Renewal | Whether automatic renewal is active |
Common Issues¶
SSL Activation Fails¶
| Problem | Solution |
|---|---|
| DNS does not point to the server | Check your DNS records with your domain registrar |
| Domain not reachable | Make sure port 80 is open (required for validation) |
| Rate limit reached | Let's Encrypt allows max. 5 certificates per domain per week. Wait and try again later |
| Too many subdomains | A single certificate can contain max. 100 domains |
Mixed Content¶
After SSL activation, "mixed content" warnings may appear if your website still loads HTTP resources (images, scripts, CSS).
Solution: Change all http:// URLs in your website code to https:// or use protocol-relative URLs (//).
Certificate Expired¶
If automatic renewal fails:
- Check whether the DNS records are still correct
- Try disabling SSL and enabling it again
- Contact your hosting provider if the problem persists