Enhance Documentation

# Let's Encrypt Certificates

# Overview

Every domain on a website (including staging websites) that has its DNS pointed to a server in your Enhance cluster will automatically request a Let's Encrypt SSL certificate (opens new window).

A certificate will be requested at the point of creation. It can take up to 5 minutes for a certificate to be provisioned, during this time a self signed certificate will be issued.

All Let's Encrypt certificates are issued for 3 months. Enhance will automatically request a new certificate 3 days prior to expiry.

When a Let's Encrypt certificate is requested it uses the servers own DNS resolver. In some cases, for example if the DNS has recently been update this may cause a delay in provisioning as the previous DNS will have been cached.

A Let's Encrypt SSL certificate is also automatically provisioned for mail.{customer_domain} on the server the mail is hosted.

# Request a Let's Encrypt Certificate

WARNING

In the case where a certificate fails to provision a backoff exists to help protect from rate limiting. After the first request failure, the frequency of requests will be limited in minutes to the number of failures squared.

A Let's Encrypt certificate can be manually be requested for a domain:

  1. Open Websites in the left sidebar
  2. Select the website you would like to request a certificate for
  3. On the website dashboard select Advanced then Security
  4. Scroll to SSL certificates
  5. Here you will see all existing SSL certificates for the domains on the website. Select the kebab menu and select Request Let's Encypt Certficate

# Troubleshooting

A Let's Encrypt certificate has not been issued

If a Let's Encrypt certificate has not automatically been issued to a website, please:

  1. Check the DNS points to a server in your cluster.
  2. If the website is a staging domain or a subdomain, ensure the parent domain resolves.

If you have completed the troubleshooting steps and the issue persist please, run "docker logs orchd" on your control panel server and send the output to support@enhance.com for further assistance.

Third party SSL certificates