TLS Certificates

Using TLS

In the default configuration, the Web Accelerator redirects to HTTPS all requests received with HTTP. This is mandatory if the WAF function is enabled.

It is possible to manually install commercial certificates purchased by the customer, or to issue and renew them automatically with Let's Encrypt or other Certification Authorities that use the ACME protocol.

Managing Certificates with ACME

Normally, the Web Accelerator uses the HTTP-01 authorization mechanism to obtain certificates from Let's Encrypt. This requires that the domain already points to the Web Accelerator at the time of the request, so to avoid an outage, our staff can temporarily install a certificate retrieved from the backend and which will be automatically replaced in the following hours with a new one issued by Let's Encrypt.

If it is not possible to obtain a working certificate for a domain that is being transferred to the Web Accelerator, and you do not want to purchase a commercial one, it is possible to coordinate with our staff the request for a certificate to Let's Encrypt immediately after the DNS has been updated, in order to minimize the disruption for visitors.

If a Let's Encrypt wildcard certificate is requested, the DNS-01 authorization mechanism can be used by creating a record like _acme-challenge.example.com in the DNS zone:

_acme-challenge.example.com. ↩
    CNAME example.com.acme-wa.seeweb.it.