Enabling SSL on your app and domains
Hatchbox uses Caddy to seamlessly generate and renew SSL certificates
Hatchbox serves your applications behind the Caddy web server. Caddy uses Let's Encrypt to issue SSL certificates seamlessly.
Caddy automatically renews Let's Encrypt certificates in the background. This makes it painless to maintain SSL with your apps.
SSL for hatchboxapp.com subdomains
Every application is assigned a hatchboxapp.com subdomain for easy access. These will automatically have SSL enabled.
SSL for custom domains
To enable SSL for your own domains:
- Open the Domains & SSL tab of your Hatchbox app
- Add the domain(s)
- Ensure your domain has an A record pointing to the server's IP address
Wildcard SSL Certificates
Wildcard SSL certificates from Let's Encrypt require additional verification of domain ownership.
- Add the wildcard domain to your app's Domains & SSL tab. For example, "*.domain.com"
- Select your DNS provider in the Wildcard SSL Settings section below
- Add your DNS provider credentials and save them.
This updates Caddy's configuration with the API credentials so that Let's Encrypt can verify your domain. Once the domain is verified, Caddy can issue a certificate for the wildcard domain.
You can view the Caddy logs on your server to check for errors.
Custom SSL Certificates
If you wish to use your own SSL certificate, you can upload it on the Domains & SSL tab of your app under the Custom SSL Certificate section.
You will need to provide the full SSL certificate chain and the private key.
Since these certificates cannot be renewed automatically, you will want to monitor their expiration dates and upload new ones before they expire.
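One way to do this monitoring, as an added example that is not Hatchbox's own tooling: a Python script that connects to each domain, validates the served chain and hostname, and reports the days left before the certificate's notAfter date. The 30-day threshold, the function names and the sample certificate are assumptions made for the illustration.

```python
import socket
import ssl
import sys
import time

WARN_DAYS = 30  # assumed alert threshold; not a Hatchbox setting
# Constructed sample in the shape ssl.SSLSocket.getpeercert() returns.
SAMPLE_CERT = {"notAfter": "Mar 15 12:00:00 2030 GMT"}


def days_remaining(not_after, now=None):
    """Whole days between `now` (epoch seconds) and a notAfter timestamp."""
    now = time.time() if now is None else now
    return int((ssl.cert_time_to_seconds(not_after) - now) // 86400)


def classify(days, warn_days=WARN_DAYS):
    """Map days remaining to an action for whoever uploads the certificate."""
    if days < 0:
        return "EXPIRED"
    return "RENEW" if days <= warn_days else "OK"


def fetch_cert(host, port=443, timeout=10):
    """Fetch the served leaf certificate, validating chain and hostname."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


def check_host(host):
    """Return (host, status, detail) for one live domain."""
    try:
        cert = fetch_cert(host)
    except ssl.SSLCertVerificationError as exc:
        # Raised for an expired cert or an incomplete uploaded chain.
        return host, "INVALID", exc.verify_message
    except OSError as exc:
        return host, "UNREACHABLE", str(exc)
    days = days_remaining(cert["notAfter"])
    return host, classify(days), f"{days} days left"


if __name__ == "__main__":
    print("sample:", classify(days_remaining(SAMPLE_CERT["notAfter"])))
    for name in sys.argv[1:]:  # e.g. python check_cert.py app.example.com
        print(*check_host(name), sep="\t")
```

Run it from a scheduled job with your custom-certificate domains as arguments and alert on any status other than OK.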