SSL Verification
How SSL Works with RndrKit
RndrKit uses Caddy with on-demand TLS to automatically provision SSL certificates for your custom domains. When a request arrives for a new domain, Caddy obtains a certificate from Let's Encrypt without any manual intervention.
This means you do not need to:
- Purchase or upload SSL certificates
- Configure certificate renewal
- Manage certificate files
Everything is handled automatically.
SSL Status
Your domain's SSL status is visible on the domain detail page in the dashboard. The possible statuses are:
| Status | Meaning |
|---|---|
| Pending | Domain was just added. Waiting for DNS to propagate. |
| Pending Validation | DNS is configured. Certificate is being provisioned. |
| Active | Certificate is issued and active. HTTPS is working. |
| Failed | Certificate provisioning failed. See troubleshooting below. |
Verifying SSL
Check in the Dashboard
The easiest way to check SSL status is on your domain's page in the RndrKit dashboard. The SSL status badge shows the current state of your certificate.
Check via Browser
Visit your domain in a browser using HTTPS:
https://www.example.com
Click the lock icon in the address bar to view certificate details. The certificate should be issued by Let's Encrypt and should be valid.
Check via Command Line
# Check the SSL certificate details
openssl s_client -connect www.example.com:443 -servername www.example.com </dev/null 2>/dev/null | openssl x509 -noout -subject -issuer -dates
This will show the certificate subject, issuer (Let's Encrypt), and validity dates.
Timeline
After DNS is correctly configured, SSL certificate provisioning typically follows this timeline:
- 0-5 minutes: DNS propagation begins.
- 5-15 minutes: Caddy detects the domain and requests a certificate from Let's Encrypt.
- 15-30 minutes: Certificate is issued and active.
In most cases, SSL is active within 15 minutes of DNS propagation.
Certificate Renewal
Let's Encrypt certificates are valid for 90 days. Caddy automatically renews certificates before they expire -- typically 30 days before expiration. You do not need to take any action for renewal.
Troubleshooting SSL Issues
Certificate Not Issuing
If your SSL status remains at Pending for more than 30 minutes:
- Verify DNS is correct:
dig www.example.com CNAME +short
# Should return: cname.rndrkit.io.
-
Check DNS propagation at whatsmydns.net to confirm the CNAME record is visible globally.
-
Cloudflare proxy: If using Cloudflare, ensure the proxy is disabled (gray cloud). Cloudflare's proxy intercepts the TLS challenge and prevents Let's Encrypt from issuing a certificate.
Certificate Failed
If SSL status shows Failed:
- The most common cause is DNS misconfiguration. Double-check your CNAME record.
- Let's Encrypt has rate limits. If you have made many certificate requests in a short period, you may need to wait before trying again.
- Ensure no firewall or security service is blocking Let's Encrypt's validation requests.
Mixed Content Warnings
If your site loads over HTTPS but the browser shows mixed content warnings:
- Your origin application may be referencing resources over HTTP. Update your application to use HTTPS or protocol-relative URLs.
- Check for hardcoded
http://URLs in your application code, stylesheets, or scripts.
Next Steps
Once SSL is active, your domain is fully configured. You can:
- Test bot rendering to verify pre-rendering is working
- View analytics to monitor crawler activity
- Warm your cache for important pages