SSL Certificates and HTTPS
SSL allows you to serve your sites using HTTPS, giving your users a guarantee of data integrity and privacy when they visit.
We provide SSL certificates free and by default. All Divio sites can be accessed using the HTTPS protocol instead of plain HTTP.
Renewal
Certificates have a 90-day lifetime, and are renewed automatically 40 days before expiry.
Custom certificates
If you have your own certificate, this can be applied to sites with eligible subscriptions - just drop us a line and we'll set it all up for you.
Custom Import Notes
When uploading custom certificates, please note the following:
-
Separate files
Upload the certificate, private key, and intermediate Certificate Authority (CA) bundle separately. -
Unencrypted private key
Remove any passphrase from your private key before uploading. -
Strict PEM format
Ensure your PEM files contain only the encoded blocks, with no additional metadata, for example:-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
You can locally verify the certificate and chain using OpenSSL:
openssl verify -x509_strict -verbose -CAfile chain.pem cert.pem
A return value of OK indicates the certificate itself is valid.
HTTPS redirects
By default, we don't redirect HTTP users to HTTPS, because for some cases this might not be appropriate. However unless you have a good reason not to, we advise that you set this up for your site, so that when your visitors arrive on a url such as http://example.com/ they will be redirected to https://example.com/.
See further information in our domains documentation.