Automatic SSL
Evessio issues SSL certificates for all event websites using: https://letsencrypt.org/
- Our certificates are automatically issued and are valid for 3 months
- Each certificate is automatically renewed
- Our SSL server conforms to all security best practices, you can test your domain via: https://www.ssllabs.com/ssltest/
OPTIONAL: Additional DNS CAA record control for issuing certificates for your domains.
If you operate CAA records as a policy, below is some additional information about how to configure it.
CAA creates a DNS mechanism that enables domain name owners to whitelist CAs that are allowed to issue certificates for their hostnames. It operates via a new DNS resource record (RR) called CAA (type 257). Owners can restrict certificate issuance by specifying zero or more CAs; if a CA is allowed to issue a certificate, their own hostname will be in the DNS record. For example, this is what someone’s CAA configuration could be (in the zone file):
| Name | Type | Value |
|---|---|---|
| yourdomain.com. | CAA | 0 issue "letsencrypt.org" |
| 0 iodef "mailto: notify@yourdomain.com" |
Certificates are issued by Letsencrypt.org, info on CAA: https://letsencrypt.org/docs/caa/
CAA record helper: https://sslmate.com/caa/
Certificate Generation
- When a new domain is pointed to the Evessio SSL server, the first visit to the website will trigger the creation process.
- Most browsers will trigger a security warning page (see Chrome example below)
- Click through this warning to arrive at the "Creating a secure environment" Evessio page
- After about 10-20 seconds you will be redirected to the site via https with the newly created certificate
Initiating certificate generation from a console
curl -k https://your-custom-domain.com/