Skip to content

Feature

HTTPS by default

Every domain you point at SecureRedirector gets an automatically provisioned Let's Encrypt certificate. No manual ACME dance, no copy-pasting nginx configs, no expired-cert pages on a Saturday morning.

How provisioning works

When you add a domain in the management portal, the cron-driven provisioner picks it up within minutes and runs an install_new_site.sh step that:

  1. Generates an nginx site config from the SecureRedirector template, substituting your domain.
  2. Tests the nginx config and reloads nginx if the test passes.
  3. Calls certbot --nginx to provision the certificate via the HTTP-01 challenge.
  4. Adds HTTP/2 to the site config and reloads once more.

First-time provisioning typically completes inside two minutes. Subsequent runs are a no-op — existing sites are not overwritten by the cron.

Automatic renewal

Certbot installs a systemd timer that renews every certificate before expiration. Renewal failures are logged and surfaced in the deployment health-check output, so a broken renewal shows up in operations review before it shows up as a browser warning.

CDN compatibility

Domains validated over HTTP-01 work behind Cloudflare and other reverse-proxy CDNs. If your DNS points at a CDN first, you can still bring the domain online without breaking in-flight traffic — the validation goes through the proxy and back to SecureRedirector's origin.

What you don't have to do

Bring your own certificate (if you need to)

Some domains can't use Let's Encrypt — internal CA chains, EV certificates for high-trust contexts, or wildcard certs you manage centrally. For self-hosted deployments, you can drop your own cert and key into the nginx site config and disable the automated provisioner for that domain. Hosted plans handle this via support.

Talk to us about your setup.

Tell us about your domains and team size — we'll get back to you within one business day.