SSL Certificates
Piora integrates Let’s Encrypt through Traefik to provide free SSL/TLS certificates for all your domains automatically, with no manual configuration required.
Automatic SSL Certificates
How It Works
- When you add a domain to an application, Traefik automatically requests a certificate from Let’s Encrypt
- The HTTP-01 challenge is used to verify domain ownership
- Once issued, the certificate is automatically applied to the domain
- Certificates are auto-renewed 30 days before expiration
Certificate Details
| Item | Description |
|---|---|
| Certificate Authority | Let’s Encrypt |
| Certificate Type | DV (Domain Validation) |
| Validity | 90 days |
| Auto-renewal | 30 days before expiration |
| Cost | Free |
HTTPS Redirection
Piora automatically redirects all HTTP requests to HTTPS by default:
```
http://app.example.com → 301 → https://app.example.com
```
This ensures all traffic is transmitted over encrypted connections.
Certificate Status
In the Piora dashboard, you can view the SSL certificate status for each domain:
| Status | Description |
|---|---|
| Valid | Certificate is active and working |
| Requesting | Currently requesting from Let’s Encrypt |
| Renewing | Auto-renewal in progress |
| Failed | Request or renewal failed |
Troubleshooting Certificate Failures
If an SSL certificate request fails, common causes include:
DNS Not Propagated
Let’s Encrypt requires HTTP-01 validation. Ensure DNS correctly points to your VPS:
```
# Check DNS records
dig +short yourdomain.com
# Should return your VPS IP
```
Port Not Open
The Let’s Encrypt validation process requires access to port 80:
```
# Confirm port 80 is open
sudo ufw status
# Ensure 80/tcp shows ALLOW
```
Rate Limits
Let’s Encrypt has rate limits:
- Maximum 50 certificates per domain per week
- Maximum 10 failed validations per IP per 3 hours
If you hit rate limits, wait before retrying.
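The DNS and port 80 checks above can be combined into one pre-flight script that fails before a validation attempt is spent. This is an added example, not part of Piora; the function names and the script name `preflight.sh` are assumptions.

```shell
#!/bin/sh
# Added example: pre-flight checks for the two HTTP-01 failure causes above.
# Parsing is kept apart from the live commands so it can run on sample output.

# dns_matches EXPECTED_IP: reads `dig +short NAME A` output on stdin.
# Succeeds only if at least one A record is returned and all of them equal
# EXPECTED_IP; CNAME lines in the output are skipped.
dns_matches() {
    awk -v ip="$1" '
        /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { n++; if ($0 != ip) bad++ }
        END { exit (n > 0 && bad == 0) ? 0 : 1 }'
}

# ufw_allows_80: reads `ufw status` output on stdin.
# Succeeds if ufw is inactive (ufw itself is not filtering) or an ALLOW rule
# covers TCP port 80 from Anywhere. A source-restricted rule fails because
# Let's Encrypt does not publish the addresses it validates from.
# Application-profile rules and port ranges are not interpreted (assumption).
ufw_allows_80() {
    awk '
        /^Status: inactive/ { ok = 1 }
        $2 == "ALLOW" {
            from = ($3 == "IN") ? $4 : $3        # verbose output says "ALLOW IN"
            if (from != "Anywhere") next
            split($1, rule, "/")                 # "80,443/tcp" -> "80,443", "tcp"
            if (rule[2] != "" && rule[2] != "tcp") next
            n = split(rule[1], ports, ",")
            for (i = 1; i <= n; i++) if (ports[i] == "80") ok = 1
        }
        END { exit ok ? 0 : 1 }'
}

# preflight DOMAIN VPS_IP: run both checks against the live system.
preflight() {
    dig +short "$1" A | dns_matches "$2" ||
        { echo "DNS: $1 does not resolve only to $2" >&2; return 1; }
    sudo ufw status | ufw_allows_80 ||
        { echo "Firewall: 80/tcp is not allowed from Anywhere" >&2; return 1; }
    echo "DNS and port 80 look ready for HTTP-01 validation"
}

# Run only when called as: sh preflight.sh yourdomain.com <VPS IP>
if [ "$#" -eq 2 ]; then preflight "$@"; fi
```

A passing result covers only DNS and the host's ufw rules; a provider-level firewall in front of the VPS is outside what this script can see.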
Custom SSL Certificates
While Let’s Encrypt free certificates are sufficient for most cases, you can use custom certificates if you have special needs (e.g., EV certificates or wildcard certificates).
Uploading Custom Certificates
- Prepare your certificate file (.crt) and private key file (.key)
- In the application’s SSL settings, select “Custom Certificate”
- Upload the certificate and private key
TLS Versions
Traefik supports TLS 1.2 and TLS 1.3 by default:
| TLS Version | Status |
|---|---|
| TLS 1.0 | Not supported (insecure) |
| TLS 1.1 | Not supported (insecure) |
| TLS 1.2 | Supported |
| TLS 1.3 | Supported (recommended) |
This ensures modern encryption standards and security.