In this article we will cover the basics of how SSL works on Xervo and how Let's Encrypt works on our platform. If you are already familiar with SSL or you just want to know how it works on our platform, you can skip down to here.
I just want a free SSL cert
- Go to the web dashboard at my.xervo.io and select your project.
- Go to the 'administration' section of your project.
- Make sure your custom domain is added to the list of 'custom domains.'
- Select the orange button to enable Let's Encrypt. That's it. You're done.
Note: this will remove all existing SSL certs from your project.
This is so simple and Easy
Yes, this is very simple. We're glad you like the Let's Encrypt feature.
How Does SSL Even Work?
To keep things short, SSL, or Secure Sockets Layer, is more or less a security protocol that establishes an encrypted link between a server and a client (i.e. a webpage and a web browser). SSL allows information such as credit card numbers, PII (personally identifiable information), etc. to be transmitted securely without a 'man in the middle' eavesdropping. If you would like to know more, there are plenty of great resources out there on how SSL works:
Wikipedia's Article on SSL / TLS
A Stack Exchange Conversation about SSL
Symantec / Norton Beginners Guide to SSL
How Does SSL Work on Xervo?
When you upload an SSL cert chain and private key, we store them in a secure, replicated database. Once that SSL cert is added to your project, all HTTPS traffic to your app is encrypted. For example, a request for your app (someone going to your custom domain) goes from the end user's web browser to one of our load balancers. The load balancer asks one of our internal databases where your app is located. That information is sent to the load balancer, and the load balancer then routes the request to the location of your application on an application host which has your application on a servo. The response to the initial request from the client comes back to our load balancer, which communicates with another internal database that tells the load balancer whether or not there is an SSL cert for your project. If there is an SSL cert for your project, the load balancer retrieves that information from this secure database, establishes a secure connection with the client and then sends the response from the application to the client.
How Does Let's Encrypt Work on Xervo?
Let's Encrypt on Xervo follows the same logic as noted above, more or less. You select the option on the 'administration' panel of your project dashboard to enable Let's Encrypt. A request is made to Let's Encrypt to create an SSL chained cert. That information is handed back to our servers and is stored. Our server communicates with Let's Encrypt once a request hits our load balancer for your app. Our server confirms that there is a valid cert from Let's Encrypt and a secure connection is established. On the backend side of things our servers check at regular intervals whether or not your SSL cert from Let's Encrypt is expired. If the cert is expired our servers automatically renew the cert for you without any action needed.
I have more questions
We have more answers.
How does Let's Encrypt Work?
You can find out how Let's Encrypt works here.
Does the SSL cert Expire?
Yes, but we automatically renew the SSL cert for you.
Does this cover wildcard SSL certs?
Unfortunately Let's Encrypt does not provide SSL wildcard certs.
If you have *.MyDomain.com in your custom domains the Let's Encrypt SSL will not work.
If you need to change your custom domains make sure to restart the project after saving the updated custom domains.
Does this cover 'www' and the root domain?
Yes, the Let's Encrypt certificate should work for your root/naked domain as well as your 'www' domain.
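To confirm the points above for your own project (root and 'www' both listed on the certificate, no wildcard entry in your custom domains, and enough days left before expiry), you can run a check like the following. This is an added example, not Xervo's code: the function names, the 14-day warning threshold and the sample certificate for example.com are assumptions, and the sample is constructed so the check runs offline.

```python
import socket
import ssl
import time

# Constructed sample in the shape ssl.SSLSocket.getpeercert() returns.
SAMPLE_CERT = {
    "issuer": ((("countryName", "US"),),
               (("organizationName", "Let's Encrypt"),)),
    "notAfter": "Jun  1 12:00:00 2030 GMT",
    "subjectAltName": (("DNS", "example.com"), ("DNS", "www.example.com")),
}
SAMPLE_NOW = ssl.cert_time_to_seconds("May  2 12:00:00 2030 GMT")

def fetch_cert(host, port=443, timeout=5):
    """Fetch and validate the certificate a live host serves (needs network)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def check_cert(cert, custom_domains, now=None, warn_days=14):
    """Compare a certificate with the project's custom domains list."""
    now = time.time() if now is None else now
    sans = {v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"}
    issuer = dict(rdn[0] for rdn in cert.get("issuer", ()))
    expires = ssl.cert_time_to_seconds(cert["notAfter"])
    days_left = int((expires - now) // 86400)
    problems = []
    for name in (d.lower() for d in custom_domains):
        if name.startswith("*."):
            # Wildcard custom domains are not covered (see the FAQ above).
            problems.append(f"{name}: wildcard entry, not covered")
        elif name not in sans:
            problems.append(f"{name}: missing from certificate names")
    if days_left < 0:
        problems.append("certificate has expired")
    elif days_left < warn_days:
        problems.append(f"only {days_left} days left, renewal looks overdue")
    return {"issuer": issuer.get("organizationName"),
            "days_left": days_left, "problems": problems}

if __name__ == "__main__":
    print(check_cert(SAMPLE_CERT, ["example.com", "www.example.com"],
                     now=SAMPLE_NOW))
    # Live use: check_cert(fetch_cert("example.com"), ["example.com"])
```

If the result lists problems for a live domain, include that output in your support request.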
It doesn't work for me
If you are having trouble getting Let's Encrypt working with your project, please open a support request:
Submit a Support Request.
I found a bug
That's not good. Well, it's good that a problem was identified so we can fix it. You should open a support request with the bug description and reproducible steps. Our dev team will fix the bug as quickly as possible.
Submit a Support Request.