Using SSL certificates on your Hypernode

in Usage Tags: Service panelSSL

It is possible to make use of SSL certificates on your Hypernode. This way, your shop will become securely accessible using HTTPS.

SSL on Hypernode

Byte customers have three options to use SSL for their Hypernode plan(s):

  • Order an SSL certificate via Byte (recommended)
  • Upload your own SSL certificate
  • Request a certificate using Let’s Encrypt

We recommend purchasing an SSL certificate through Byte, because you’ll benefit from our managed hosting services.

When using a third party SSL certificate or Let’s Encrypt, you are responsible for implementing, maintaining and renewing the certificate. We cannot provide any support on custom SSL certificates and related issues.

Overview SSL certificates

Byte customers have an SSL overview in their Service Panel. Log in to your Service Panel with your customer number and password and select your Hypernode. Navigate to ‘SSL & DNS instellingen’ under tab ‘Hypernode’. Here you will find an overview of all available domains and link SSL certificates to your Hypernode. You can also buy SSL certificates here.

If you want to manage your own SSL certificates, choose ‘Beheer handmatig gekoppelde certificaten’. Here you find an overview which will show you all certificates purchased through Byte and custom SSL certificates. Certificates purchased through Byte will have a green check mark and the expiration date will say: Auto-renewal on, because we automatically renew your certificate.

Keep in mind:

  • Custom SSL certificates aren’t managed by Byte so a red cross will appear beneath ‘Managed by Byte’. The expiration date shows you when you should renew the certificate.
  • Let’s Encrypt certificates aren’t managed by Byte and not visible in the SSL overview either, as the certificates are locally managed using dehydrated

Ordering or requesting SSL Certificates

Buy an SSL certificate via Byte (recommended)

We recommend you to purchase an SSL certificate through Byte, because then you’ll benefit from our managed hosting services. Not only do we take care of the technical implementation of the certificate for you, we also renew and validate the certificate on time and provide customer support on SSL issues. This way your Magento shop will always have a secure connection.

Note: If you purchase your SSL certificate via Byte you will need an additional Presence or Presence Plus plan.

The steps below will help you to purchase an SSL certificate for your Hypernode:

  • Log in to the Byte Service Panel
  • Select your Hypernode plan
  • Click on the ‘Instellingen’ tab
  • Click ‘SSL & DNS instellingen’
  • Click ‘Koop SSL Certificaat’
  • Fill in the form and select what type of certificate you want
  • Agree with the terms and conditions
  • Click order

As soon as you SSL certificate is ordered, validated and installed, you can use it. We will email you once your certificate is received and installed.

When the certificate is ready and delivered by our SSL provider, you can easily add it to your Hypernode by visiting the ‘SSL & DNS instellingen’ overview mentioned here above. The domain for which you ordered a SSL certificate will now have a status ‘Beschikbaar’ in de ‘SSL Certificaat’ column. Simply choose ‘Installeren’ to add it to your Hypernode.

Our additional SSL Plus plan, which offers a dedicated ip address is not useful for hypernode, as hypernodes already use a dedicated ip address.

Add a Custom SSL certificate

Using a SSL certificate from a third party is a possibility to, although we don’t recommend it. When using a third party SSL certificate, you are responsible for implementing, maintaining and renewing the certificate.

When you purchase an SSL certificate via Byte, all this is done for you. Rather have us taking care of it? Read the steps under ‘Buy an SSL certificate via Byte’.

If you wish to upload your own custom SSL certificate, you will need a few .PEM files:

  • The unencrypted private key
  • The certificate
  • The CA certificate Chain file (Intermediate certificates)

To upload your custom SSL, follow the steps below:

  • Log in to the Byte Service Panel
  • Select your Hypernode plan
  • Click on the ‘Instellingen’ tab
  • Click ‘SSL & DNS instellingen’
  • Click ‘Beheer SSL Certificaten’
  • Click ‘Koppel handmatig een certificaat’
  • Fill in the Private Key, Certificate and Certificate Authority (only .PEM files)
  • Click ‘Volgende’
  • Check whether you uploaded the correct certificate
  • Click ‘Add certificate’

Once you’ve uploaded the certificate, you can add it to your Hypernode. See how this is done under ‘Link SSL certificates’.

Use Let’s Encrypt to retrieve a certificate

For the more technical equipped developers we provide Let’s Encrypt.

Let’s Encrypt is a way to order free SSL certificates through domain validation. This has a few limitations:

  • You are responsible for your own Let’s Encrypt certificates, we do not provide any support on Let’s Encrypt.
  • Let’s Encrypt does not provide wildcard and/or EV certificates
  • Let’s Encrypt SSL Certificates are only valid for a 3 months period.

See our documentation about configuring Let’s Encrypt on your Hypernode on how to setup Let’s Encrypt on your Hypernode.

Link custom SSL certificates to your Hypernode

In your Service Panel you’ll find an overview of all the SSL certificates linked to your Hypernode. Here you can link other certificates to your Hypernode.

Follow the steps below to link an SSL certificate to your Hypernode:

  • Log in to the Byte Service Panel
  • Select your Hypernode plan
  • Go to ‘Pakketbeheer’ and then to the section ‘Instellingen’
  • Click ‘SSL & DNS instellingen’
  • Click ‘Beheer SSL Certificaten’
  • Click ‘Link SSL certificate’
  • Select the certificate(s) you want to link to your Hypernode
  • Click ‘Link SSL certificates’

You’ll see the certificate is linked once it appears in the overview.

Keep in mind:

  • You can only link SSL certificates from plans at Byte where the Contractant role is the same as your Hypernode plan. Make sure these roles match!
  • You cannot link Let’s Encrypt certificates via your Service Panel as these certificates are managed locally on the node itself.

Forcing your entire shop to use SSL

You can easily force your entire shop to go over https using a simple redirect

How do I remove a custom SSL certificate from my Hypernode?

Removing an SSL certificate from your Hypernode is easily done via your Service Panel following the steps below:

  • Log in to the Byte Service Panel
  • Select your Hypernode plan
  • Navigate to the ‘Instellingen’ tab and click ‘SSL & DNS instellingen’
  • Click ‘Beheer SSL Certificaten’
  • Click the waste bin button on the right of the certificate you wish to remove
  • Click ‘Delete SSL certificate’

Your SSL certificate is now removed from your Hypernode. If you wish to add it again, simply go back to the overview page and click ‘Link certificate’.

Keep in mind:

Things to remember when using an SSL certificate

  • Don’t forget to point the DNS for your domain to your Hypernode. More information about how this is done can be found in the article DNS settings Hypernode.
  • You will need a storefront in Magento with a secure_base_url. Otherwise Magento will redirect you to the main store.

Limitations for multiple domains

There are some limitations when having SSL certificates for multiple domains on Hypernode. At Byte, each different domain will be served on a different IP address. The server knows which certificate to present to the browser. On Hypernode there is only one IP address available per node so this way of differentiating will not work.
To allow for multiple certificates per site, Hypernode uses a system called Server Name Identification or SNI. With SNI, the browser uses an extension of SSL to ask the server for a specific certificate. Unfortunately older browsers (most notably Internet Explorer on Windows XP and Android 2.2) do not support SNI and might be presented the wrong certificate.

SSL on your (non-www) naked domain

If Byte doesn’t manage your DNS, people that visit https://yourdomain.com directly, will get a certificate warning from the browser.
SSL certificates on Hypernode only work on https://www.yourdomain.com/. If Byte does manage your DNS, this will not be a problem.

For more information please read the article DNS Settings Hypernode

Enable SSL Stapling

To enable SSL Stapling for your SSL certificate, create the following configuration in /data/web/nginx/http.ocsp:

ssl_stapling on;
ssl_stapling_verify on;

5