SSL: A Complete Read!

SSL is the protocol that provides a layer of security for connections between different devices in a network. You must have already setup a custom domain and configured DNS in order to enable SSL in your Statuspage.

Customers will be able to use their own SSL cert as well as the free cert provided by Atlassian, where, we dedicate a slot for them under our shared SAN certificate using LetsEncrypt. Currently, everyone has the ability to automatically provision free certificates after adding a custom domain to Statuspage. For adding their own certificate, they can refer to this community article: Custom SSL

To enable SSL, please follow the below steps:

1. Go to Your page > Customize page and emails.

2. Select the Customize status page tab.

3. Click Enable SSL.

If you’re looking to setup a custom domain, check out the steps here

Frequently Asked Questions:

Q. Who is our SSL certificate provider?

A: Let's Encrypt is our certificate provider.

Q. Can I use my own SSL certificate?

A: It is recommended to use the certificate issued by Statuspage as most of the certificate providers are not supported on our end. If you are planning to use your own SSL certificate, I would like to let you know that using your own SSL certificate is added as a feature request on our end - STATUS-444  

Adding to that, I would like to let you know that we are already caching Statuspages heavily using Cloudfront(CDN) with security integrations. However, if you would like to use your own CDN you can make use of the steps given in this article. Ensure that you are pointing to the URL <pagecode>.statuspage.io OR <subdomain>.statuspage.io

Note: Please note that the Statuspage FR is currently not publicly accessible. Therefore, for any product announcements or updates, keep an eye out on the Statuspage community page.

Q. Why did I get an email warning saying “SSL Certificate provisioning failure“?

A: We are planning to move all the domains behind CloudFront where we provide certificates directly to the pages. This is all part of the gev2 migration on our end. If you have mapped the DNS records pointing to the IP instead of the Domain, you might lose the domain during the migration process. If you have pointed the records to domain your custom domain <pagecode>.statuspage.io OR <subdomain>.statuspage.io will not be affected.

Q. What to do if my CNAME is setup & verified properly but I get the error?
”Your connection is not privateAttackers might be trying to steal your information from (for example, passwords, messages, or credit cards). Learn moreNET::ERR_CERT_AUTHORITY_INVALID”

A: This error generally comes when SSL is stuck and doesn’t get applied to the custom domain even after the CNAME is verified. Please try opening your Statuspage in a new browser or from a private window and check if you are seeing any sort of error for the certificate. In case the error still pops up.
Don't worry and reach out to us here and we’ll reapply the SSL from our side. This should resolve the issue

Q. Why did I see the error “This page is not working as expected.” even when I have verified DNS records and domain?

A: This might happen in case you have proxy enabled for your domain CNAME records that could be causing the custom domain to no longer resolve, as our system by default is unable to validate records behind a proxy. In such cases, please don’t panic we recommend checking with an incognito browser window or clearing your cache/cookies first. In case, this doesn’t work, reach out to us here to share the DNS records, Statuspage records & error screenshot and we’ll restart the SSL provisioning from our side for your domain. This will revalidate the records and resolve errors for your page.

Q. What to do if I want to swap my custom domain?

A: Sure, in case you decide to swap your custom domain, please raise a Support ticket with us providing the details and following the steps mentioned below:

Details required:

1. New Domain Name

Steps to follow:

1. Add the CNAME on the new custom domain on your DNS server as it is configured on your old domain.

2. To get CNAME record value → Open your terminal → Run “dig +short CNAME <custom-domain>”

   CNAME record will be in this format → <page_id>.stspg-customer.com

Once you confirm the CNAME is updated, we can verify this change on our backend and proceed further with the domain swap. We’ll keep you posted once the swap is successfully completed 

Q. I want SSL to be removed for all my pages. How can I go about it?

A: Once you decide to disable the SSL on your Statuspage, please provide us with the Statuspage URLs on which you wish to remove SSL and we’ll disable & update you at the earliest

Q. What is the minimum time for the SSL certificate to be renewed?

A: Our system will auto-renew the certificate every month, and each renewal will extend the duration of the certification for 3 months. 

Q. Why does my domain show multiple SANs?

 A: Our certificates are shared with 40 public pages per certificate. This would be an expected behaviour and more info can be found here.

 

In order to ensure that we continue to provide useful content, please let us know if this Article is helpful (Thumbs Up/Down). Also, to help us improve, feel free to provide additional feedback (directly in the community).