SSL Certificates & HTTPS: Complete Security Guide | Nife Docs

Understand SSL certificates, HTTPS encryption, and domain security.

What is SSL/TLS?#

Understanding HTTPS#

HTTPS (HyperText Transfer Protocol Secure) encrypts data between browser and server:

Without HTTPS (HTTP):

Browser โ†โ†’ [plain text] โ†โ†’ Server
(Anyone can read data)

With HTTPS (HTTP + SSL/TLS):

Browser โ†โ†’ [encrypted] โ†โ†’ Server
(Only browser and server can read)

SSL vs TLS#

  • SSL (Secure Sockets Layer): Older protocol
  • TLS (Transport Layer Security): Modern replacement
  • HTTPS: HTTP with SSL/TLS encryption
  • Modern browsers use TLS
  • Term "SSL" still used commonly

Certificate Basics#

What is an SSL Certificate?#

A digital document that:

  • Identifies your domain
  • Verifies ownership
  • Encrypts connections
  • Proves authenticity
  • Enables HTTPS

Certificate contains:

  • Domain name
  • Organization name
  • Issue date
  • Expiration date
  • Public key
  • Digital signature

Certificate Types#

Single Domain Certificate

Covers: myapp.com only
Subdomains: NO (www.myapp.com won't work)
Cost: Cheapest
Use: Single domain

Wildcard Certificate

Covers: *.myapp.com (all subdomains)
Subdomains: YES
Cost: More expensive
Use: Multiple subdomains

Multi-Domain Certificate (SAN)

Covers: myapp.com, shop.com, blog.net
Subdomains: As specified
Cost: Varies
Use: Multiple domains

Automatic Certificate Provisioning#

How Nife Issues Certificates#

Nife automatically provisions SSL certificates for all domains:

Process:

  1. You add custom domain
  2. Nife verifies domain ownership
  3. Automatic certificate issued
  4. Certificate installed
  5. HTTPS enabled

Verification Methods:

  • DNS verification (CNAME record)
  • HTTP verification (temporary file)
  • Email verification (to domain owner)

What's Included#

  • โœ… Free SSL certificates
  • โœ… Automatic renewal
  • โœ… All custom domains covered
  • โœ… Wildcard support
  • โœ… Multi-domain support
  • โœ… HTTPS enabled by default

Timeline#

Day 1:
- Add custom domain to Nife
- DNS verification starts
5-10 minutes:
- DNS propagates
- Certificate issued
1 hour:
- Certificate fully active
- HTTPS enabled
- Green lock appears

Certificate Status#

Check Certificate Status#

In Nife dashboard:

  1. Go to Domains
  2. Find your domain
  3. Check SSL column
  4. Status shows:
    • Valid: Working, encrypted
    • Pending: Being issued
    • Expired: Needs renewal
    • Error: Issue with certificate

View Certificate Details#

In browser:

  1. Click lock icon in address bar
  2. Click "Certificate" or "Connection Secure"
  3. See certificate details:
    • Issued to: (domain)
    • Issued by: (authority)
    • Valid from: (date)
    • Valid until: (date)

HTTPS Enforcement#

Automatic Redirection#

HTTPS is automatically enforced:

http://myapp.com
โ†“
(redirect)
โ†“
https://myapp.com

Benefits:

  • All traffic encrypted
  • Transparent to users
  • No configuration needed
  • SEO boost (Google prefers HTTPS)

Mixed Content#

If page loads HTTP resources on HTTPS page:

Browser may:

  • Block resources
  • Show warnings
  • Mark as insecure

Fix:

  • Use HTTPS for all resources
  • Use protocol-relative URLs: //cdn.com/file.js
  • Server should rewrite to HTTPS

Certificate Renewal#

Automatic Renewal#

Nife automatically renews certificates:

Before Expiration:

  • 60 days: Renewal begins
  • 30 days: Final notice
  • 7 days: Daily checks
  • On expiration: Auto-renewed

You don't need to:

  • Request renewal
  • Provide anything
  • Take any action
  • Monitor expiration

Manual Renewal#

If needed, you can:

  1. Go to Domains
  2. Find domain
  3. Click Renew Certificate
  4. Certificate renewed immediately

Certificate Chain#

Understanding Certificate Hierarchy#

Certificate chains verify authenticity:

Root CA (Trusted Authority)
โ†“
Intermediate Certificate
โ†“
Your Domain Certificate

Browser verifies:

  1. Your certificate signed by intermediate
  2. Intermediate signed by root
  3. Root is trusted by browser
  4. All valid = green lock

Certificate Details#

View full certificate chain:

In Browser:

  1. Click lock icon
  2. Select "Certificate"
  3. View certificate hierarchy
  4. See all details

Common Details:

  • Subject: Domain name
  • Issuer: Certificate authority
  • Valid From: Start date
  • Valid To: Expiration date
  • Signature Algorithm: Encryption method

Security Best Practices#

1. Always Use HTTPS#

  • Never use HTTP for sensitive data
  • Enable automatic redirects
  • Use HTTPS for all pages
  • Encrypt all resources

2. Test Certificate#

Before going live:

  1. Visit domain in browser
  2. Check for green lock
  3. Click lock for details
  4. Verify domain name
  5. Check expiration date

3. Monitor Expiration#

Although auto-renewal happens:

  • Monitor certificate expiration
  • Check renewal status
  • Verify new certificate issued
  • Test after renewal

4. Include Security Headers#

Add headers for extra security:

Strict-Transport-Security
Content-Security-Policy
X-Content-Type-Options: nosniff
X-Frame-Options: DENY

5. Update Links#

Update all links to HTTPS:

  • Internal links
  • External references
  • Hardcoded URLs
  • API endpoints

Certificate Issues#

Problem: Expired Certificate#

Symptoms:

  • Red X on lock icon
  • "Certificate has expired"
  • Browser security warning

Solutions:

  1. Wait for auto-renewal
  2. Manual renewal in dashboard
  3. Check certificate status
  4. Refresh browser

Problem: Domain Mismatch#

Symptoms:

  • Yellow warning
  • "Subject does not match"
  • Domain name error

Solutions:

  1. Verify domain is correct
  2. Add domain to certificate
  3. Wildcard for subdomains
  4. Request new certificate

Problem: Untrusted Certificate#

Symptoms:

  • Red error
  • "Untrusted authority"
  • Browser refuses connection

Solutions:

  1. Verify certificate issuer
  2. Check certificate chain
  3. Request new certificate
  4. Contact support

Problem: Mixed Content#

Symptoms:

  • Some resources load, others don't
  • Browser warnings
  • Insecure content blocked

Solutions:

  1. Change HTTP to HTTPS
  2. Use protocol-relative URLs
  3. Update content sources
  4. Check CDN settings

Certificate Information#

What Nife Provides#

  • Type: Single domain
  • Authority: Let's Encrypt or similar
  • Encryption: 256-bit (industry standard)
  • Renewal: Automatic before expiration
  • Cost: Free

Certificate Authority#

Nife uses trusted, free authorities:

  • Let's Encrypt: Non-profit, free
  • DigiCert: Industry leading
  • GlobalSign: Trusted authority
  • All recognized by major browsers

Certificate Validation#

Level of validation provided:

  • Domain Validation (DV): Domain ownership verified
  • No Business Validation: Organization not verified
  • Good for: Websites, applications

Wildcard Certificates#

When to Use Wildcard#

Use wildcard for multiple subdomains:

Certificate: *.myapp.com
Covers:
- www.myapp.com
- api.myapp.com
- blog.myapp.com
- anything.myapp.com

Requesting Wildcard#

If needed:

  1. Add subdomain with wildcard
  2. Nife provisions wildcard certificate
  3. All subdomains covered
  4. Single certificate for all

HTTPS Best Practices#

1. Always Redirect#

Redirect HTTP to HTTPS:

http://myapp.com โ†’ https://myapp.com

2. Use Secure Cookies#

Set-Cookie: SessionID=xyz; Secure; HttpOnly; SameSite=Strict

3. HSTS Header#

Enable strict HTTPS:

Strict-Transport-Security: max-age=31536000; includeSubDomains

4. Certificate Transparency#

Enable certificate monitoring:

  • Google Certificate Transparency
  • Get notifications of new certs
  • Monitor for misuse

5. Test Regularly#

  1. Visit site in browser
  2. Check green lock
  3. Click for details
  4. Verify certificate

Next Steps#

  1. Adding Custom Domains - Domain setup
  2. Monitoring Domains - Track usage
  3. DNS Configuration - DNS setup

Support#

SSL/Certificate issues?