Announcing our new API documentation!
Check it out here
Knowledge Base
/
SSL certificates on SiteDetour

How SSL certificates work on SiteDetour

SSL certificates are provisioned and renewed automatically for every redirect and custom link domain.

On this page:

Overview

SiteDetour provisions and renews SSL certificates automatically for every domain you onboard — whether it's a redirect source domain or a custom link domain for Smart Links and Landing Pages. Certificates are free, auto-renewing, and trusted by all major browsers. There is nothing to configure beyond pointing DNS.

How issuance works

Once DNS resolution shows your domain pointing at SiteDetour, the platform runs an automated domain-validation check to prove control of the domain and then installs a valid HTTPS certificate for it. The process is entirely hands-off on your side.

Certificate lifetime and renewal

Certificates renew automatically well before expiration. Renewal reuses the same validation flow as issuance, so as long as DNS still points at SiteDetour, renewals happen silently without any action from you.

Acquiring a certificate manually

On the redirect editor, the HTTPS Not Enabled indicator shows when no certificate is currently issued. Click Acquire SSL certificate to trigger issuance. The indicator clears once the certificate is live, typically within a few minutes.

For custom link domains, certificate acquisition happens automatically as soon as DNS is verified; there is no manual button.

Troubleshooting issuance failures

  • DNS not pointed. Certificate issuance requires the domain to resolve to SiteDetour's edge first. Fix DNS, then retry.
  • CAA records blocking issuance. If your domain has DNS CAA records restricting which certificate authorities can issue, SiteDetour's CA must be permitted. If you don't use CAA records you can ignore this; if you do, contact support for the value to add.
  • Proxy in Flexible SSL mode. Flexible SSL on Cloudflare or similar proxies terminates TLS at the proxy and speaks plaintext HTTP to the origin. This breaks automated renewal. Use Full or Full (Strict) SSL mode.
  • CDN caching or rewrites. Aggressive catch-all cache rules or URL rewrites at your CDN can interfere with validation. Temporarily disable catch-all rules while SSL provisions.
  • Repeated failures. If you've tested many times in a short window and exhausted retry allowances, wait an hour or two before trying again.

HSTS and SSL

If you've enabled HSTS (see HSTS and reverse proxy support), browsers enforce HTTPS for your domain for up to a year. A certificate outage is visitor-facing when HSTS is on; there is no HTTP fallback. Keep an eye on renewal status.

Enterprise requirements

If your organization requires a certificate from a specific CA or needs mutual TLS, contact support. Custom certificate and mTLS options are available on Enterprise plans.

Next steps

SiteDetour Logo
Join our newsletter to stay updated on features and releases.
By subscribing, you agree to our Privacy Policy and consent to receive updates from our company.
Thank you! Please check your inbox for a confirmation email.
Oops! Something went wrong while submitting the form.
Product
Support
Documentation
Find us
© All rights reserved. Sitedetour.com
Terms of ServicePrivacy Policy