SSL Verification

How SSL Works with RndrKit

RndrKit automatically provisions SSL certificates for your custom domains. For www subdomains (the recommended setup), certificates are managed through Cloudflare. For apex domains, our TLS layer obtains certificates from Let's Encrypt on demand. No manual intervention is required either way.

This means you do not need to:

  • Purchase or upload SSL certificates
  • Configure certificate renewal
  • Manage certificate files

Everything is handled automatically.

SSL Status

Your domain's SSL status is visible on the domain detail page in the dashboard. The possible statuses are:

Status | Meaning
--- | ---
Pending | Domain was just added. Waiting for DNS to propagate.
Pending Validation | DNS is configured. Certificate is being provisioned.
Active | Certificate is issued and active. HTTPS is working.
Failed | Certificate provisioning failed. See troubleshooting below.

Verifying SSL

Check in the Dashboard

The easiest way to check SSL status is on your domain's page in the RndrKit dashboard. The SSL Certificate card on the Settings tab shows the current state. While the certificate is being provisioned, a Verify SSL link is displayed next to the status — click it to re-check with our edge provider and update the status immediately. During initial onboarding, the Verify DNS button on the Setup Progress panel performs the same re-check.

Check via Browser

Visit your domain in a browser using HTTPS:

https://www.example.com

Click the lock icon in the address bar to view certificate details. The certificate should be issued by Cloudflare (for www subdomains) or Let's Encrypt (for apex domains) and should be valid.

Check via Command Line

# Check the SSL certificate details
openssl s_client -connect www.example.com:443 -servername www.example.com </dev/null 2>/dev/null | openssl x509 -noout -subject -issuer -dates

This will show the certificate subject, issuer, and validity dates.

Timeline

After DNS is correctly configured, SSL certificate provisioning typically follows this timeline:

  1. 0-5 minutes: DNS propagation begins.
  2. 5-15 minutes: The SSL provider detects the domain and provisions a certificate.
  3. 15-30 minutes: Certificate is issued and active.

In most cases, SSL is active within 15 minutes of DNS propagation.

Certificate Renewal

For apex domains, Let's Encrypt certificates are valid for 90 days and are renewed automatically 30 days before expiration. For www subdomains, Cloudflare manages certificate lifecycle automatically. You do not need to take any action for renewal.
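
The command-line check and the renewal schedule above can be combined into one automated check. The following is an added example, not RndrKit's own tooling: it parses the text printed by the openssl command and flags an unexpected issuer, a certificate outside its validity period, or an apex certificate that has passed the 30-day renewal point without being replaced. The sample output, the function names and the issuer substring passed by the caller are assumptions made for illustration.

```python
import ssl
from datetime import datetime, timedelta, timezone

# Constructed sample of the four lines the openssl command prints (not real output).
SAMPLE = """\
subject=CN = example.com
issuer=C = US, O = Let's Encrypt, CN = R11
notBefore=Jan  1 00:00:00 2025 GMT
notAfter=Apr  1 00:00:00 2025 GMT
"""

FIELDS = ("subject", "issuer", "notBefore", "notAfter")
RENEWAL_WINDOW = timedelta(days=30)  # the page: renewed 30 days before expiration


def parse_summary(text):
    """Split `openssl x509 -noout -subject -issuer -dates` output into fields."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip() in FIELDS:
            fields[key.strip()] = value.strip()
    missing = [name for name in FIELDS if name not in fields]
    if missing:
        # Empty output usually means the handshake failed and no certificate was read.
        raise ValueError("missing fields: " + ", ".join(missing))
    return fields


def to_utc(cert_time):
    """Convert an openssl date such as 'Apr  1 00:00:00 2025 GMT' to an aware datetime."""
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(cert_time), timezone.utc)


def assess(text, expected_issuer, now):
    """Return a list of problems; an empty list means the certificate looks healthy."""
    fields = parse_summary(text)
    not_before, not_after = to_utc(fields["notBefore"]), to_utc(fields["notAfter"])
    problems = []
    if expected_issuer.lower() not in fields["issuer"].lower():
        problems.append("unexpected issuer: " + fields["issuer"])
    if now < not_before:
        problems.append("not yet valid")
    elif now > not_after:
        problems.append("expired")
    elif not_after - now < RENEWAL_WINDOW:
        problems.append(f"renewal overdue: {(not_after - now).days} days left")
    return problems
```

To run it against a live domain, pass the text printed by the openssl command as `text` and the current UTC time as `now`.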

Troubleshooting SSL Issues

Certificate Not Issuing

If your SSL status remains at Pending for more than 30 minutes:

  1. Verify DNS is correct:
     dig www.example.com CNAME +short
     # Should return: rndrkit.io.

  2. Check DNS propagation at whatsmydns.net to confirm the CNAME record is visible globally.

  3. Cloudflare proxy: If your DNS is on Cloudflare, set the record to DNS only (gray cloud). The orange cloud causes Error 1014 (CNAME Cross-User Banned) and prevents SSL provisioning.

Certificate Failed

If SSL status shows Failed:

  • The most common cause is DNS misconfiguration. Double-check your CNAME record.
  • Let's Encrypt has rate limits. If you have made many certificate requests in a short period, you may need to wait before trying again.
  • Ensure no firewall or security service is blocking Let's Encrypt's validation requests.

Mixed Content Warnings

If your site loads over HTTPS but the browser shows mixed content warnings:

  • Your origin application may be referencing resources over HTTP. Update your application to use HTTPS or protocol-relative URLs.
  • Check for hardcoded http:// URLs in your application code, stylesheets, or scripts.

Next Steps

Once SSL is active, your domain is fully configured. You can: