HTTPS certificate management

Sudun TeamMay 5, 2026 at 12:00Estimated reading time 2 min

Speed Shield Network team

Help Center Domain Name Access to HTTPS Certificate Management

Sudun TeamMarch 11, 2026

In today's web environment, HTTPS is no longer an option. Sudun provides comprehensive SSL/TLS management, ensuring that data between users and our edge nodes is fully encrypted, building trust and improving security.

1. SSL/TLS encryption mode

Choose the appropriate encryption level based on your origin configuration:

Flexible mode: Your traffic to Sudun is encrypted (HTTPS), but Sudun connects to your origin server via HTTP. (Applies if the origin server is not configured with SSL).
Full (strict) mode: end-to-end encryption. Both user connections and connections to your origin are encrypted over HTTPS. (Requires a valid SSL certificate from the origin server).

2. Certificate deployment options

Sudun offers three ways to manage certificates:

A. Managed SSL (Auto-Generated)

Sundun offers free automated SSL certificates through Let's Encrypt or ZeroSSL.

Advantages: No need for manual uploads; Certificates automatically renew before expiration.
Requirements: Your domain name must be pointed to Sudun via CNAME for validation to be successful.

B. Custom certificate upload

If you have purchased a commercial certificate, such as an EV or OV certificate from DigiCert or Sectigo, you can upload it manually.

Go to .域名设置 > HTTPS
Upload your certificate (CRT/PEM format) and private key (KEY format).
Ensure that the certificate chain is complete to avoid the "Untrusted Connection" warning in the browser.

3. Advanced HTTPS settings

Once the certificate is activated, you can enable additional security features:

Always use HTTPS (forced redirect): Automatically redirect all HTTP requests to HTTPS (301 redirect).
HSTS (HTTP Strict Transport Security): Instructs browsers to interact with your site only over HTTPS for a specified amount of time.
Minimum TLS version: Select a security level (for example, TLS 1.2 or TLS 1.3). For maximum security, it is recommended to disable older versions such as TLS 1.0/1.1.

4. Troubleshoot common SSL issues

Certificate Mismatch: Ensure that the uploaded certificate matches your domain name exactly.
Certificate expiration: If using custom SSL, you must keep track of the expiration date and manually re-upload it. Managed SSL avoids this problem.
Incomplete certificate chain: If users see a security warning, make sure that the intermediate certificate is included when uploading.

Related docs

1. SSL/TLS encryption mode

Choose the appropriate encryption level based on your origin configuration:

Flexible mode: Your traffic to Sudun is encrypted (HTTPS), but Sudun connects to your origin server via HTTP. (Applies if the origin server is not configured with SSL).

Full (strict) mode: end-to-end encryption. Both user connections and connections to your origin are encrypted over HTTPS. (Requires a valid SSL certificate from the origin server).

2. Certificate deployment options

Sudun offers three ways to manage certificates:

A. Managed SSL (Auto-Generated)

Sundun offers free automated SSL certificates through Let's Encrypt or ZeroSSL.

Advantages: No need for manual uploads; Certificates automatically renew before expiration.

Requirements: Your domain name must be pointed to Sudun via CNAME for validation to be successful.

B. Custom certificate upload

If you have purchased a commercial certificate, such as an EV or OV certificate from DigiCert or Sectigo, you can upload it manually.

Go to .域名设置 > HTTPS

Upload your certificate (CRT/PEM format) and private key (KEY format).

Ensure that the certificate chain is complete to avoid the "Untrusted Connection" warning in the browser.

3. Advanced HTTPS settings

Once the certificate is activated, you can enable additional security features:

Always use HTTPS (forced redirect): Automatically redirect all HTTP requests to HTTPS (301 redirect).

HSTS (HTTP Strict Transport Security): Instructs browsers to interact with your site only over HTTPS for a specified amount of time.

Minimum TLS version: Select a security level (for example, TLS 1.2 or TLS 1.3). For maximum security, it is recommended to disable older versions such as TLS 1.0/1.1.

4. Troubleshoot common SSL issues

Certificate Mismatch: Ensure that the uploaded certificate matches your domain name exactly.

Certificate expiration: If using custom SSL, you must keep track of the expiration date and manually re-upload it. Managed SSL avoids this problem.

Incomplete certificate chain: If users see a security warning, make sure that the intermediate certificate is included when uploading.