To secure your custom domain, Foleon generates an SSL/TLS certificate — for free — and automatically renews it. The certificates we obtain for your Docs are issued by Let’s Encrypt. In this article, we show you how this works.
⚠️ If you've just successfully set up your custom domain, it will take a few minutes for the certificate to be active.
📖 Do you want to configure your SSL/TLS certificate manually? Learn more in our article Manually configure SSL/TLS for a custom domain.
In this article
What is SSL/TLS?
TLS, formerly known as SSL, keeps the connection between a web server and a browser encrypted and private. TLS also proves to visitors that you’re the owner of the hostname a Foleon Doc is published on.
To check if a connection is private, enter a URL into your browser’s address bar and check if it automatically navigates to HTTP or HTTPS.
In the example below, you can see that the connection of foleon.com is secure. The URL starts with HTTPS, and the address bar's lock icon also represents a safe domain.
✅ HTTPS — A certificate is installed, and the connection is private/secured.
❌ HTTP — No certificate installed, and the site’s connection is not secure.
If a certificate is not installed, it’s possible that visitors will see a message stating that the website is not secure and won’t be able to continue. In the example below, you can see what this message might look like in Google Chrome.
How we secure your Docs
When you go through the custom domain setup, the third step covers the SSL/TLS certificate.
The default — and recommended — option is to let Foleon secure your custom domain. We generate a Let’s Encrypt certificate (for free) and automatically renew it.
💡 Do you want to configure your SSL/TLS certificate manually? Learn more in our article Manually configure SSL/TLS for a custom domain.
About the Let’s Encrypt certificate
The SSL certificates we obtain for your Foleon Doc are free, 90-day, Domain Validated certificates issued by Let’s Encrypt. Let’s Encrypt allows organizations like Foleon to obtain and manage SSL certificates on behalf of their customers.
We use the HTTP-01 challenge — the most common challenge type today. Learn more on this topic in Let’s Encrypt’s official documentation.
Foleon supports the latest encryption protocols, TLS 1.2 and TLS 1.3. This means your data is protected with industry-standard security in your online sessions.
⚠️ Let’s Encrypt only offers Domain Validated (DV) certificates. We’re not able to provide Organization Validation (OV) or Extended Validation (EV) certificates
Certificate renewals
Each day, certificates due to expire within the next 30 days will automatically renew with a fresh 90-day certificate. There’s nothing you need to do to renew your certificate, and there is no impact on your live Foleon Docs site upon renewal.
FAQ
-
Is a Let's Encrypt certificate as safe as a certificate I install manually?
Absolutely. A Let's Encrypt certificate is just as safe as a manually created SSL/TLS certificate. Here are a few reasons why:
- Trusted accreditation ✅
Let's Encrypt is a highly trusted certificate authority that holds accreditation from major web browsers and operating systems. By adhering to strict industry standards and undergoing rigorous security audits, Let's Encrypt provides a reliable and secure certificate issuance process. - Robust encryption 🛡️
Both Let's Encrypt automated certificates and manually created SSL/TLS certificates utilize the same strong encryption algorithms, ensuring data confidentiality and integrity. Let's Encrypt guarantees the generation of certificates with comparable cryptographic strength to their manual counterparts. - Automated renewal ♻️
Let's Encrypt's automated certificate renewal process eliminates the risk of expired certificates and potential security vulnerabilities. By seamlessly managing the certificate lifecycle, Let's Encrypt ensures uninterrupted security without the need for manual intervention.
- Trusted accreditation ✅
-
What happens to my custom domain that has already been manually configured with my SSL/TLS certificate?
No action is required. Your SSL/TLS setup will remain unchanged until it expires. If you want to change to an automated setup, you can switch to this method in the custom domain setup wizard. -
What happens if I update our custom domain when I’ve chosen for the automated SSL/TLS setup?
No action is required. Custom domain updates will automatically trigger a new SSL certificate for the new custom domain.
-
I've set everything up, but I am receiving an SSL error on my Foleon Docs.
It can take a few hours for your DNS settings to be verified and a certificate to be installed. If your Foleon Doc is not secure and it's been more than 2 hours since you set your custom domain, please get in touch with your Support team.
-
I created a CNAME record correctly and pointed it to Foleon's servers at s1.foleon.com, but the DNS verification still failed. What can I try?
Create a CAA record for ‘letsencrypt.org’ in your domain provider’s DNS settings. Your current DNS settings might be blocking this one.
When the CAA is set to letsencrypt.org, it will ONLY allow certificates from the CA Let’s Encrypt. Certificates from GlobalSign, Comodo Group, etc., are not accepted.
With a CAA Lookup tool like https://www.entrust.com/resources/certificate-solutions/tools/caa-lookup, you can check whether a domain already has a CAA record set up in your DNS configuration.