Managing your SSL certificate on CloudCannon requires you to host your Site through CloudCannon. If you are hosting your Site through an external service, please review their documentation on SSL certification.
By default, CloudCannon will automatically generate an SSL certificate for all Sites hosted on CloudCannon through ZeroSSL and Cloudflare. This can be a wildcard SSL certificate or a single-domain SSL certificate. These certificates renew every 90 days automatically, so your Site is never unsecure.
- Wildcard SSL certificate— A certificate that protects a single domain and all its subdomains (e.g., example.com and its subdomains blog.example.com, support.example.com, app.example.com, etc.).
- Single-domain SSL certificate — A certificate that protects a single domain. This is useful if you only have one CloudCannon Site, which is hosted on a subdomain.
Wildcard SSL certificates are not available for Sites hosted on a subdomain. If you have a CloudCannon Site hosted on your base domain, add a wildcard SSL certificate to that Site.
After adding an auto-generated SSL certificate, CloudCannon serves your Site over HTTPS. You can also redirect any users trying to access your website through the HTTP URL to the correct HTTPS URL.
Before you add an SSL certificate to your Site, you must add a Custom Domain to your Organization.
If you have recently added your Custom Domain to your Site, CloudCannon may need a few minutes to fetch your domain details before you can add an SSL certificate. If this process takes more than a few minutes, please contact our friendly support team.
To add an auto-generated SSL certificate to your Site:
- Navigate to the SSL tab on the Custom Domain page under Site Settings.
- Select a version number in the Minimum TLS Version dropdown.
- Select the DNS Text Record option from the Validation Method dropdown.
- (Optional.) If you are adding an SSL certificate to a Site hosted on your base domain, we recommend ensuring the Generate a wildcard certificate to enable SSL on *example.com checkbox is ticked. This option is not available for Sites hosted on a subdomain.
- Click the Update SSL button.
CloudCannon will add an auto-generated SSL certificate to your domain.
To switch between a wildcard SSL certificate and a single domain SSL, untick the Generate a wildcard certificate to enable SSL on *example.com checkbox and click the Update SSL button.
Add TXT DNS records#
This step is only required if you are using an external DNS provider and a CloudCannon auto-generated SSL certificate.
TXT record validation is a method of authenticating ownership of your domain, so unauthorized individuals cannot add an SSL certificate to your domain.
DNS TXT Records demonstrate control over a domain, as only authorized individuals should be able to update the records stored by your DNS provider. If you are using CloudCannon DNS, you do not need to add a TXT record, as CloudCannon will handle validation for you. If you are using an external DNS provider, you will need to add the two TXT records provided by CloudCannon to your DNS provider.
To use TXT record validation through an external DNS provider:
- Navigate to the Custom Domain page under Site Settings.
- Copy the two TXT records provided by CloudCannon.
- Log in to your third-party DNS provider.
- Add two TXT records to your DNS provider.
CloudCannon will validate your SSL certificate once the new DNS records propogate from your DNS provider. This could take up to 24 hours.
Redirect HTTP to HTTPS#
Once your wildcard SSL certificate is enabled, user can visit your Site on the more secure HTTPS URL. Any users who have copied or bookmarked the previous HTTP URL should be redirected.
To redirect visitors to HTTPS:
- Navigate to the Routing page under Site Settings.
- Ensure the Redirect all HTTP traffic to HTTPS checkbox is ticked.
- Click the Update Routing Details button.
CloudCannon will now reroute all visitors using the HTTP URL address to the correct HTTPS URL address.
