SSL Certificates & HTTPS: Complete Security Guide | Nife Docs
Understand SSL certificates, HTTPS encryption, and domain security.
What is SSL/TLS?#
Understanding HTTPS#
HTTPS (HyperText Transfer Protocol Secure) encrypts data between browser and server:
Without HTTPS (HTTP):
With HTTPS (HTTP + SSL/TLS):
SSL vs TLS#
- SSL (Secure Sockets Layer): Older protocol
- TLS (Transport Layer Security): Modern replacement
- HTTPS: HTTP with SSL/TLS encryption
- Modern browsers use TLS
- Term "SSL" still used commonly
Certificate Basics#
What is an SSL Certificate?#
A digital document that:
- Identifies your domain
- Verifies ownership
- Encrypts connections
- Proves authenticity
- Enables HTTPS
Certificate contains:
- Domain name
- Organization name
- Issue date
- Expiration date
- Public key
- Digital signature
Certificate Types#
Single Domain Certificate
Wildcard Certificate
Multi-Domain Certificate (SAN)
Automatic Certificate Provisioning#
How Nife Issues Certificates#
Nife automatically provisions SSL certificates for all domains:
Process:
- You add custom domain
- Nife verifies domain ownership
- Automatic certificate issued
- Certificate installed
- HTTPS enabled
Verification Methods:
- DNS verification (CNAME record)
- HTTP verification (temporary file)
- Email verification (to domain owner)
What's Included#
- โ Free SSL certificates
- โ Automatic renewal
- โ All custom domains covered
- โ Wildcard support
- โ Multi-domain support
- โ HTTPS enabled by default
Timeline#
Certificate Status#
Check Certificate Status#
In Nife dashboard:
- Go to Domains
- Find your domain
- Check SSL column
- Status shows:
- Valid: Working, encrypted
- Pending: Being issued
- Expired: Needs renewal
- Error: Issue with certificate
View Certificate Details#
In browser:
- Click lock icon in address bar
- Click "Certificate" or "Connection Secure"
- See certificate details:
- Issued to: (domain)
- Issued by: (authority)
- Valid from: (date)
- Valid until: (date)
HTTPS Enforcement#
Automatic Redirection#
HTTPS is automatically enforced:
Benefits:
- All traffic encrypted
- Transparent to users
- No configuration needed
- SEO boost (Google prefers HTTPS)
Mixed Content#
If page loads HTTP resources on HTTPS page:
Browser may:
- Block resources
- Show warnings
- Mark as insecure
Fix:
- Use HTTPS for all resources
- Use protocol-relative URLs:
//cdn.com/file.js - Server should rewrite to HTTPS
Certificate Renewal#
Automatic Renewal#
Nife automatically renews certificates:
Before Expiration:
- 60 days: Renewal begins
- 30 days: Final notice
- 7 days: Daily checks
- On expiration: Auto-renewed
You don't need to:
- Request renewal
- Provide anything
- Take any action
- Monitor expiration
Manual Renewal#
If needed, you can:
- Go to Domains
- Find domain
- Click Renew Certificate
- Certificate renewed immediately
Certificate Chain#
Understanding Certificate Hierarchy#
Certificate chains verify authenticity:
Browser verifies:
- Your certificate signed by intermediate
- Intermediate signed by root
- Root is trusted by browser
- All valid = green lock
Certificate Details#
View full certificate chain:
In Browser:
- Click lock icon
- Select "Certificate"
- View certificate hierarchy
- See all details
Common Details:
- Subject: Domain name
- Issuer: Certificate authority
- Valid From: Start date
- Valid To: Expiration date
- Signature Algorithm: Encryption method
Security Best Practices#
1. Always Use HTTPS#
- Never use HTTP for sensitive data
- Enable automatic redirects
- Use HTTPS for all pages
- Encrypt all resources
2. Test Certificate#
Before going live:
- Visit domain in browser
- Check for green lock
- Click lock for details
- Verify domain name
- Check expiration date
3. Monitor Expiration#
Although auto-renewal happens:
- Monitor certificate expiration
- Check renewal status
- Verify new certificate issued
- Test after renewal
4. Include Security Headers#
Add headers for extra security:
5. Update Links#
Update all links to HTTPS:
- Internal links
- External references
- Hardcoded URLs
- API endpoints
Certificate Issues#
Problem: Expired Certificate#
Symptoms:
- Red X on lock icon
- "Certificate has expired"
- Browser security warning
Solutions:
- Wait for auto-renewal
- Manual renewal in dashboard
- Check certificate status
- Refresh browser
Problem: Domain Mismatch#
Symptoms:
- Yellow warning
- "Subject does not match"
- Domain name error
Solutions:
- Verify domain is correct
- Add domain to certificate
- Wildcard for subdomains
- Request new certificate
Problem: Untrusted Certificate#
Symptoms:
- Red error
- "Untrusted authority"
- Browser refuses connection
Solutions:
- Verify certificate issuer
- Check certificate chain
- Request new certificate
- Contact support
Problem: Mixed Content#
Symptoms:
- Some resources load, others don't
- Browser warnings
- Insecure content blocked
Solutions:
- Change HTTP to HTTPS
- Use protocol-relative URLs
- Update content sources
- Check CDN settings
Certificate Information#
What Nife Provides#
- Type: Single domain
- Authority: Let's Encrypt or similar
- Encryption: 256-bit (industry standard)
- Renewal: Automatic before expiration
- Cost: Free
Certificate Authority#
Nife uses trusted, free authorities:
- Let's Encrypt: Non-profit, free
- DigiCert: Industry leading
- GlobalSign: Trusted authority
- All recognized by major browsers
Certificate Validation#
Level of validation provided:
- Domain Validation (DV): Domain ownership verified
- No Business Validation: Organization not verified
- Good for: Websites, applications
Wildcard Certificates#
When to Use Wildcard#
Use wildcard for multiple subdomains:
Requesting Wildcard#
If needed:
- Add subdomain with wildcard
- Nife provisions wildcard certificate
- All subdomains covered
- Single certificate for all
HTTPS Best Practices#
1. Always Redirect#
Redirect HTTP to HTTPS:
2. Use Secure Cookies#
3. HSTS Header#
Enable strict HTTPS:
4. Certificate Transparency#
Enable certificate monitoring:
- Google Certificate Transparency
- Get notifications of new certs
- Monitor for misuse
5. Test Regularly#
- Visit site in browser
- Check green lock
- Click for details
- Verify certificate
Next Steps#
- Adding Custom Domains - Domain setup
- Monitoring Domains - Track usage
- DNS Configuration - DNS setup
Support#
SSL/Certificate issues?
- Check sections above
- Verify domain setup
- Contact support: [email protected]