TLS/SSL Certificates

Greatly reduce the pain of creating and managing TLS/SSL certificates by letting Cycle manage them for you.

Generating and installing SSL Certificates has been an unnecessarily complex and painful process, and forgetting to update them could have disasterous consequences.

Since Let's Encrypt launched it's free, automated certificate authority in 2016, the problem of generating certificates has been mostly solved.

Cycle takes this a step further by introducing auto renewal and management of the certificates for your container. When deploying your container, select the "Enable Automated SSL Certificates" box, then choose the path to install them to. Cycle handles the rest! The certificates are renewed automatically, every 60 days. You'll never need to worry about expired certificates, and the subsequent website downtime, again.

You must have a domain associated with your container in order to generate a certificate.

Files Generated by Cycle

When you enable automatic certificate management for a container, it generates several files and installs them into the directory you set, or /var/run/cycle/tls by default. To utilize the certificates, your application will need to serve the files properly. This is specific to your application and will need to be added to your code. If you're using a framework such as express for nodeJS, there may be specific documentation on how to serve your certificates.

Cycle generates two of each of the following and installs them into the directory. One with the name current, and one with the domain name associated with the container.

  • current.crt
    [your domain].crt
  • current.bundle
    [your domain].bundle
  • current.key
    [your domain].key
  • current.chain
    [your domain].chain

For example, if your container domain is example.com, you'll have two .crt files, a current.crt, and example.com.crt. The 'current' files give you a way to abstract your code from the domain associated with it, but you may also wish to tie into the specific domain. Use whichever method is most appropriate for your application.

Associating an Email Address

By default, Cycle will use your account email to generate SSL certificates through Let's Encrypt. You can change this during project creation, under "Advanced Settings" on the finalize page.

Need Help?

If you've got questions about the platform or need some help getting started, our team is more than happy to assist. Whether you're new to containers or just new to Cycle, reach out to us via livechat by clicking the blue circle in the bottom right corner. Join our Slack channel, and get help from the dev team or other members of the community.