WPCloudDeploy Documentation

Managing SSL Certificates

Most of the websites you deploy will require an SSL certificate.  In WPCloudDeploy, your certificate can be automatically issued by LetsEncrypt.

Before you can request and install a certificate, you must make sure that your DNS (Domain Name Service) is configured to send visitors to the server where the website is installed.

Additionally, before attempting to enable SSL, we STRONGLY recommend that you turn off any proxy service such as CloudFlare BEFORE you try.  This is especially true if you have page rules that might redirect to another page or firewall rules that might prevent certain types of traffic.

When you have configured your DNS and taken care of any proxies, you can install your certificate as follows:

  • Go to WPCloudDeploy → Applications
  • Click on the site for which you need an SSL certificate
  • Click on the SSL tab
  • Click on the SSL Status toggle switch and then click the OK button on the confirmation message

If all goes well, the screen will refresh itself after about a minute or so.  You can click on the SSL tab again to confirm that the request was successful – the toggle switch should now be blue instead of gray.

If something goes wrong you will see a popup message to that effect.

You can view a full log of the server actions by navigating to WPCloud Deploy → SSH Log.  This will be particularly useful if the attempt to secure a certificate fails.

Remove A Certificate

If you ever need to remove a certificate:

  • Go to WPCloudDeploy → Applications
  • Click on the site for which you need an SSL certificate
  • Click on the SSL tab
  • Click on the SSL Status toggle switch and then click the OK button on the confirmation message

CloudFlare

Are you using CloudFlare?  If so, please review some of our CloudFlare notes if you’re running into issues:

Notes

  • We attempt to request two certificates – one for www.yourdomain.com and one for just yourdomain.com.  For a top-level domain, this should succeed for both requests.  If you’re requesting a certificate for a subdomain, only the second request will succeed.  As long as one of the requests succeeds and a certificate is acquired the operation will be considered a success.
  • LetsEncrypt has a limit to the number of times you can request a certificate for a single domain.  After that limit has been exceeded every request for that domain will fail until the timeout period has passed.  As of the date we updated this article, you have up to FIVE failed attempts per domain per hour (this may change in the future).  So, if you have tried more than twice to obtain an SSL certificate and both those attempts failed you might want to contact our support team before making any more attempts.  You can learn all the LetsEncrypt limits here.
  • Another LetsEncrypt limit to be aware of is the DUPLICATE CERTIFICATES limit.  You can only request a certificate for the same domain FIVE times within a one week period.  So if you’re doing a lot activations for the same domain because you’re testing stuff, that domain can be locked out for 7 days if you’re not aware of this limit.
  • If, for some reason, you have exceeded the LetsEncrypt limit requests for your domain and you have your domain name server on CloudFlare, you can try to use CloudFlare’s SSL options to temporarily provide a certificate for your site.  Once the LetsEncrypt timeout period has expired you can remove the temporary CloudFlare SSL and retry your SSL request.

Share: