How do I use SSL on my domain(s)
Manage SSL for the domain(s) of an environment¶
You can set-up HTTPS for your application by going to your environment overview in the platform and selecting the Domain tab.
There you can add or remove an SSL certificate.
When adding SSL, there are two options
- Managed by Dropsolid, this will add a 'Let's Encrypt' SSL certificate for you.
- Providing your own SSL certificate and uploading it via the platform
In the case of external (non-dropsolid) servers: it is the customer's responsibility to get SSL set up and handle DNS
If you manage your own DNS, please configure your DNS records for the listed domains in this environment. Otherwise an SSL certificate can't be added.
If your domains do not all have the same SSL-label, something may have gone wrong trying to set them. If you have edit-permissions, you may use the 'retry'-button. If the problem persists, please contact the helpdesk.
Once you have installed the SSL certificate, you will have configured your application to redirect from HTTP to HTTPS.
Here it is important to set the X-Forwarded-Proto header so your application is aware it is behind a reverse proxy, htaccess snippet:
SetEnvIf X-Forwarded-Proto https HTTPS=on
I want to import my own custom certificate¶
To add your own custom certificate, when no SSL exists yet, you can go to the environment overview page and select the Domain tab on which you should see the Add SSL button.
Clicking the Add SSL button will open a form with a checkbox asking you if you want Dropsolid to manage SSL for you or if you want to provide your own custom SSL.
Make sure the checkbox Is SSL managed by Dropsolid? is not checked.
Then you paste your certificate (including the intermediate) in the first text field.
If you are unsure if the full chain is included in the correct format you can double check that with this useful tool:
In the second field you should paste your certificate private key.
Once this action is completed you can also double check if the certificate is added correctly here:
Now you can save your certificate and you will see a notification that a domain deploy is being executed. When this action is finished, your certificate will have been added.
I want Dropsolid to handle the certificate for me¶
The steps for this are very similar, you just make sure the checkbox Is SSL managed by Dropsolid? is checked and you can save the form.
I want to renew my certificate¶
If an environment already has an SSL certificate and it is about to expire, you can manually replace the current certificate by using the Renew SSL button and avoid downtime.
The process to renew a certificate, is similar to adding a new one. Clicking the Renew SSL button will open the same form as before, but with some slightly different options and instructions, depending on the type of certificate that is already present.
Custom certificates¶
If the current certificate was custom, you can still choose to switch over to one managed by Drupsolid or use a custom certificate. It is important to note that you need a new one to replace the previous certificate. Reusing the same one will have no effect.
Managed by Dropsolid¶
Certificates managed by Dropsolid (via Let's Encrypt) will auto-refresh automatically. So you don't have to use the Renew flow for that.
If for some reason you do want to force a refresh, you will have to use a custom certificate instead.
To avoid any errors, the Is SSL managed by Dropsolid? checkbox is disabled to give you only this option.
I want to remove a certificate¶
If for some reason you want to remove the SSL certificate on an environment, you can do so by clicking the Remove SSL button in the Domain tab instead of Renew SSL.
I require a Create Certificate Signing Request (CSR)¶
A CSR is an encoded file that provides you with a standardized way to send your public key along with certain details about your business and domain name. Most server software will ask you for certain details when you generate a CSR, including your certificate's common name (for example, www.example.com), the name of your business and where it is located (country, state/province, city/town), the key type, and the key size. It is also signed with the associated private key and includes the public key that will be in your certificate.
We suggest following the documentation provided by the entity where you will purchase the certificate from, for example Digicert has extensive documentation on how to generate the CSR on a variety of platforms:
Do I need to create the CSR on the same server the application is hosted?¶
No, you can generate this wherever (but please don't use online forms!). Make sure you keep track of your private key file after you create your CSR, as you'll need to upload that private key in the platform.
' fill='%235BE798'/%3E%3Crect x='16' y='250' width='16' height='140' transform='rotate(-180 16 250)' fill='%235BE798'/%3E%3Crect x='16' y='250' width='16' height='140' transform='rotate(-180 16 250)' fill='%235BE798'/%3E%3Crect x='91' y='16' width='16' height='283' transform='rotate(-90 91 16)' fill='%235BE798'/%3E%3Crect x='91' y='16' width='16' height='283' transform='rotate(-90 91 16)' fill='%235BE798'/%3E%3Crect x='91' y='16' width='16' height='283' transform='rotate(-90 91 16)' fill='%235BE798'/%3E%3C/svg%3E)