Skip to content

How to Configure TLS

This guide shows you how to set up and configure TLS (SSL) for your domain in Peakhour.

Before you begin: Review TLS Security Concepts to understand the different modes and their implications.

Access TLS Settings

  1. Navigate to your domain dashboard in Peakhour
  2. Click on the TLS link

Choose Your TLS Mode

Select the appropriate mode for your setup:

  1. In the TLS settings, choose from:
  2. Disabled: For HTTP-only sites
  3. Passthrough: To handle TLS at your origin server
  4. Enabled: To terminate TLS at Peakhour (recommended)

  5. Enabled + SSL client: For end-to-end encryption

  6. Click Save to apply your selection

Configure Your Certificate

For automatic certificate management:

  1. Ensure your domain is pointed to Peakhour
  2. Let's Encrypt certificate will be automatically provisioned
  3. TLS mode will automatically switch to "Enabled" once ready
  4. Renewal happens automatically every 90 days

Note: If you upload a custom certificate before pointing your domain, automatic Let's Encrypt provisioning will be disabled.

Option B: Upload Your Own Certificate

For custom certificates:

  1. Click on the Installed Certificate tab
  2. Prepare your certificate files:
  3. Private key file
  4. Certificate file (must include the full certificate chain)
  5. Upload both files using the interface
  6. Click Install to save

Managing uploaded certificates:

  • Download your certificate at any time
  • Replace your certificate when it expires
  • Switch back to Let's Encrypt if desired

Configure Cipher Settings (Optional)

To adjust cipher compatibility:

  1. Click on the Ciphers tab
  2. Choose a security level:
  3. Modern: Maximum security, recent browsers only
  4. Intermediate: Balanced security and compatibility
  5. Old: Maximum compatibility, legacy browsers
  6. Click Save

Verify Configuration

  1. Test your site with https://yourdomain.com
  2. Check certificate details in your browser
  3. Verify that your chosen TLS mode is working correctly

Troubleshooting

Certificate not installing: Ensure your certificate includes the full chain and matches your private key.

Let's Encrypt not provisioning: Verify your domain is correctly pointed to Peakhour and accessible via HTTP.

Legacy browsers can't connect: Switch to "Intermediate" or "Old" cipher settings in the Ciphers tab.