FAQ SSL

How can I make my site work with HTTPS?

See this manual for a detailed answer. 

Why can't I see a lock when I visit my website? 

Can you visit your website via HTTPS, by putting https:// in front of your domain name? Then there is a certificate installed. Probably you still have mixed content on your website. Take a look at this manual, and follow the steps to make your whole site work over HTTPS. An error message right away? Then there is no certificate installed yet. If the DNS from your domain to the right Savvii server is installed, it will take a while before you have a working certificate. This depends on the TTL of your DNS record. You can read more about that here. 

How can I force HTTPS? 

In order to give all traffic visiting your website a secure connection, you can force HTTPS. You can do this via admin.savvii.com. Before you can do this, make sure you see a lock as described above. The HTTPS force button will not work otherwise. 

Behind the website you want to edit, click on Manage in admin.savvii.com. There you go to the Domains tab.  

Here you will see an overview of all the domains that are linked to your package. You can only force HTTPS for aliases. Click on the toggle button under Force SSL behind the domain to enable it. It can take about 10 minutes before the change is processed on the server.  

How can I use my own certificate?  

The support desk can install your certificate for you. For this we need a .crt- and a .key file. Because these are confidential files, we would like to ask you not to send them to us by mail, but to upload them via sFTP to the /ssl folder. If you then indicate to the support desk that you have prepared the files, we can install the certificate for you. 

Can I add CAA records for Savvii's certificate? 

You can! With a CAA-record you give a certain Certificate Authority (CA) permission to issue SSL certificates for your domain. A DNS record with type CAA consists of three parts: 

• A flag indicating whether the record should be applied strictly or not. 0 is not strict, 1 is strict. 
• A property tag that indicates the role of this record. 
• The actual content of the CAA record. 

You can add three different CAA-records: 

• issue - indicates whether a CA can issue a certificate. 
• issuewild - indicates whether a CA can issue a certificate that works as a wildcard. 
• iodef - who should be emailed if there is a violation of the CAA record.   

Do you have Savvii's free certificate? Then you can fill in letsencrypt.org at issue. Did you buy a paid certificate from Savvii? Then you can use comodoca.com at issue. Please note that you only use issuewild if you actually use a wildcard certificate.  

What happens if my SSL certificate expires?

If you force SSL via admin.savvii.com, we check the validity of the installed certificates every day. If your own certificate expires, we automatically replace it with a free certificate from Let's Encrypt.  

If you have a paid certificate via Savvii, we will inform you two weeks in advance about the expiration of your certificate. You can then choose to extend it, or stop the service and have the certificate replaced by a free Let's Encrypt certificate.