SSL & HTTPS Setup
Overview
Kontenum supports two ways to enable HTTPS:
-
Manual Certificate Upload
Upload an existing SSL certificate issued by any trusted Certificate Authority.
-
Automatic HTTPS (ACME / Let’s Encrypt)
Let Kontenum automatically issue and renew certificates for your delivery domain.
Both methods result in certificates being managed centrally under Certificate Management.
Uploading an SSL Certificate (Manual)
Navigate to:
Certificates → Certificate Management → Upload Certificate
Required Fields
You will see three input fields:
-
Certificate (required) The public certificate file (usually
.crtor.pem). -
Private Key (required) The private key that matches the certificate.
-
CA Bundle (optional but strongly recommended) The intermediate certificate chain provided by your Certificate Authority.
Why CA Bundle Is Important
Although Kontenum automatically validates certificates against public root CAs, uploading the full CA bundle is highly recommended because:
- Some operating systems or browsers may have missing or outdated root CAs
- Incomplete chains may cause browsers to show “Not Secure” warnings
- Enterprise environments often rely on explicit intermediate chains
Best practice: Always upload the full certificate chain (certificate + intermediates).
After uploading, click Upload. The certificate will appear in the certificate list.
Certificate Management & Status
After uploading (or selecting an existing certificate), you will see detailed certificate information:
- Common Name (CN)
- Subject Alternative Names (SANs)
- Issuer (e.g. Let’s Encrypt)
- Expiration date
- Trust status (validated against public CAs)
- Fingerprint
You can also:
- Assign the certificate to one or more hostnames
- Mark a certificate as Default for eligible domains
- Replace or re-upload certificates before expiration
Certificate Expiration Reminder
Kontenum automatically monitors certificate expiration and sends reminder emails at:
- 30 days before expiration
- 14 days before expiration
- 7 days before expiration
- 1 day before expiration
These notifications are sent to the account email to help you avoid service disruption.
Automatic HTTPS (ACME / Let’s Encrypt)
Kontenum provides built-in ACME support using Let’s Encrypt for free SSL certificates.
How to Enable
In your Site settings, enable:
Automatic HTTPS Protection → Free SSL Certificate from Let’s Encrypt
The system will automatically go through these steps:
- Create a new ACME order
- Domain validation
- Generate CSR
- Certificate becomes active
ACME Validation Requirements
ACME uses HTTP-01 challenge, which has the following requirements:
- ✅ Delivery domain must NOT be a wildcard domain
- ✅ Delivery domain must already be active
- ✅ DNS must be configured correctly
DNS Requirement
Before enabling ACME, make sure:
- Your delivery domain has a CNAME record pointing to your Kontenum Site CNAME
- The domain is publicly reachable via HTTP
If DNS is not ready, validation will fail and the certificate cannot be issued.
Automatic Renewal
For Sites with ACME enabled:
-
Certificates are automatically renewed 7 days before expiration
-
Renewal notifications are sent:
- When renewal starts
- After renewal completes successfully
No manual action is required as long as DNS and site configuration remain valid.
ACME Certificates in Certificate List
All certificates issued via ACME:
- Appear in the Certificate Management list
- Are treated the same as manually uploaded certificates
- Can be viewed, assigned, or replaced like any other certificate
This ensures consistent management across all SSL methods.
Best Practices
- Use ACME for simplicity and automatic renewal whenever possible
- Upload full CA bundles for manually managed certificates
- Monitor expiration emails and renew early if managing certificates manually
- Avoid wildcard delivery domains if you want automatic HTTPS
If you encounter validation or trust issues, verify DNS configuration and certificate chain completeness before contacting support.