starred/altstack-data
1
0
Fork 0
mirror of https://github.com/altstackHQ/altstack-data.git synced 2026-04-17 19:53:12 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
2a0ac1b1072ca8cb723817f06680a8c0a8c7ea92
altstack-data/docs/app/concepts/ssl-tls/page.mdx
AltStack Bot 2a0ac1b107 Initialize public data and docs repository
2026-02-25 22:36:27 +05:30

57 lines
1.9 KiB
Plaintext
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
---
title: "SSL/TLS for Self-Hosters"
description: "HTTPS for your self-hosted tools. How SSL works, why you need it, and how to set it up with Caddy or Let's Encrypt."
---
# SSL/TLS for Self-Hosters
**SSL/TLS** is what makes the padlock appear in your browser. It encrypts traffic between your users and your server so nobody can snoop on it.
Every self-hosted tool accessible from the internet **must** have HTTPS. No exceptions.
## The Easy Way: Caddy (Automatic)
If you followed our [reverse proxy guide](/concepts/reverse-proxies) and are using Caddy, **you already have SSL**. Caddy obtains and renews Let's Encrypt certificates automatically for every domain in your Caddyfile.
No config needed. No cron jobs. No certbot. It just works.
> 🔥 **Pro Tip:** This is the #1 reason we recommend Caddy over Nginx.
## The Manual Way: Let's Encrypt + Certbot
If you're using raw Nginx, you'll need certbot:
```bash
# Install certbot
apt install certbot python3-certbot-nginx -y
# Obtain a certificate
certbot --nginx -d plausible.yourdomain.com
# Verify auto-renewal
certbot renew --dry-run
```
Certbot will modify your Nginx config automatically and set up a cron job for renewal.
## SSL Checklist
After setting up SSL, verify:
- [ ] Site loads on `https://` (padlock visible)
- [ ] `http://` redirects to `https://` automatically
- [ ] Certificate is from Let's Encrypt (click padlock → "Certificate")
- [ ] No mixed-content warnings in browser console
## Common Gotchas
**"Certificate not found"** → Your DNS hasn't propagated yet. Wait 510 minutes and try again.
**"Too many requests"** → Let's Encrypt rate-limits to 50 certificates/week per domain. If you're testing, use `--staging` flag first.
**"Connection refused on port 443"** → Port 443 isn't open in your firewall. Run: `ufw allow 443/tcp`
## Next Steps
→ [Backups That Actually Work](/concepts/backups) — Protect the data you're securing with SSL
Reference in New Issue View Git Blame Copy Permalink