How to Apply for and Use Domain Name SSL Certificates

In modern web development, enabling HTTPS (secured by SSL/TLS certificates) for your website has become increasingly important—even in local development environments. ServBay offers a convenient way to manage and apply SSL certificates, enabling you to simulate production settings, test security features, and ensure a smooth local development experience.

This guide will walk you through applying for, assigning, and managing SSL/TLS certificates in ServBay.

Introduction to Domain SSL/TLS Certificates

SSL/TLS certificates are digital certificates that verify server identity and encrypt data transmissions between clients (like browsers) and servers. With an SSL certificate installed, your site's address changes from http:// to https://, and a padlock icon appears in the browser address bar, indicating the connection is secure and encrypted.

Why Use HTTPS in Local Development?

• Simulate Production Environments: Many production systems enforce HTTPS. Using HTTPS locally better replicates these environments and helps prevent deployment surprises.
• Test Security Features: Some modern browser features (such as Service Workers, Web Authentication, Geolocation API, etc.) require a secure context (HTTPS). Using HTTPS locally allows you to test these features seamlessly.
• Avoid Mixed Content Warnings: If your site runs on HTTPS but loads resources (images, scripts, CSS) from HTTP sources, browsers will display mixed content warnings. By enabling HTTPS locally, you can catch and fix such issues in advance.
• HTTP/2 and QUIC: These modern protocols generally require HTTPS connections.

Applying for SSL Certificates via ServBay

ServBay supports two primary methods for obtaining SSL certificates: issuing locally trusted certificates using ServBay’s built-in CA (Certificate Authority) and obtaining publicly trusted certificates via the ACME protocol (such as Let's Encrypt).

Prerequisites

• ServBay has been installed and is running.
• The website that requires an SSL certificate is already created and configured in ServBay.
• For public certificates via ACME, DNS validation is required.

Step: Access the SSL Certificate Management Panel

Click "SSL Certificates" in the ServBay application's sidebar to enter the certificate management interface.

Method 1: Issuing Locally Trusted Certificates with ServBay CA

ServBay CA is ServBay's built-in Certificate Authority. Certificates issued by ServBay CA are only trusted on devices where ServBay CA is installed and trusted. This is ideal for local development, since you can easily trust ServBay CA on your development machines.

1. Click the Add Button: In the "SSL Certificates" page, click the "+" button in the upper right corner.
2. Fill in Certificate Details: On the "Request Certificate" page:
   • Common Name: Assign a descriptive name to the certificate for easy identification, such as ServBay Demo Website Cert.
   • Usage Purpose: Choose the certificate's purpose, typically TLS/SSL.
   • Request Method: Select ServBay CA.
   • Issuer: Choose ServBay User CA. ServBay provides a user-level CA for issuing local certificates.
   • Algorithm: Choose the encryption algorithm. ECC is recommended for its modern security and efficiency; if you need broader compatibility (e.g., with legacy systems), you can opt for RSA.
   • Key Length: Select the key length. For ECC, 384 is recommended; for RSA, 2048 or 4096 is advised. Higher key lengths are more secure but consume more computational resources.
   • Domain: [Important] Enter the list of domains you want to secure. These domains will be included in the certificate's Subject Alternative Names (SANs) field. For local development, you can use .servbay.demo domains (e.g., servbay.demo, myproject.servbay.demo) or any other domains configured in your local hosts file or in ServBay. Wildcard domains, like *.servbay.demo, are supported. Separate multiple domains with commas.
3. Click the "Request" Button: After confirming your information, click the "Request" button at the bottom.

ServBay will immediately issue the certificate using ServBay User CA and add it to your list.

(Example interface for ServBay CA certificate application)

How to Trust ServBay User CA?

In order for browsers and other applications to trust certificates issued by ServBay CA, you must install and trust the ServBay User CA root certificate on your operating system. ServBay usually handles this automatically during installation, or you can manually install it via the relevant options in ServBay's Settings. Once the CA is trusted, certificates issued for .servbay.demo or other configured domains will no longer show “Not Trusted” warnings on your device.

Method 2: Obtaining Publicly Trusted Certificates with ACME (Let's Encrypt)

ACME (Automated Certificate Management Environment) is a protocol for automated interactions with public CAs (like Let's Encrypt), allowing automatic issuance and management of free, publicly trusted SSL certificates. Certificates obtained this way are trusted by all major browsers and devices by default.

1. Click the Add Button: In the "SSL Certificates" page, click the "+" button in the upper right corner.
2. Fill in Certificate Details: On the "Request Certificate" page:
   • Common Name: Specify a descriptive name.
   • Usage Purpose: Choose TLS/SSL.
   • Request Method: Select ACME.
   • Issuer: Choose Let's Encrypt, ZeroSSL, or Google Trust Services (these represent public CAs that ServBay interacts with).
   • Algorithm: Choose the algorithm. ECC is recommended.
   • Key Length: Select the preferred key length.
   • Domain: [Important] Enter the list of domains for which you want a publicly trusted certificate. These domains must be public and you need to control them. ServBay will use the ACME protocol to verify domain ownership. Separate multiple domains with commas; wildcard domains are supported (Note: wildcards typically require DNS validation).
   • Email: Enter a valid email address, which is required by ACME for important notifications such as certificate expiry.
   • DNS Provider: Select your DNS provider for the public domain. This is used to automatically create DNS records required to validate domain ownership and issue your SSL certificate.
3. Click the "Request" Button: Once all information is correct, click the "Request" button at the bottom.

ServBay will initiate the ACME process, interact with your chosen CA, verify domain ownership, and obtain the certificate. This may take a few moments depending on the verification method and network conditions. When successful, the certificate will appear in your list.

Automatic Renewal of ACME Certificates:

Certificates requested via ACME are usually short-lived (e.g., Let's Encrypt certificates are valid for 90 days). ServBay automatically manages the renewal process, ensuring certificates are updated before expiry—no manual intervention needed.

Assigning and Using Certificates

Once you have the SSL certificate, assign it to a specific website in ServBay to enable HTTPS access.

1. Go to Website Management: Click "Websites" in ServBay's sidebar to see the website list.
2. Edit the Target Website: Find the desired site and click to edit.
3. Configure SSL: Locate the SSL/HTTPS configuration section on the website settings page.
4. Enable HTTPS and Select the Certificate: Enable HTTPS. From the certificate dropdown (for ACME certificates), choose the certificate you just obtained. The list will display the certificate’s common name and associated domains.
5. Save Settings: Save your website configuration.

Once saved, ServBay will reload the relevant web server configuration (such as Caddy, Apache, or Nginx) to activate the new SSL certificate. You should now be able to access your site via https://your-domain.

Certificate Management

Within the "SSL Certificates" panel, you can manage all your existing certificates.

Certificate Renewal

• ServBay CA Certificates: These typically have a long validity period (usually 800 days). Before expiry, locate the certificate in the list and click the renewal button (generally a refresh or loop icon) to renew manually. Each renewal extends the certificate's validity to the current date plus 800 days.
• ACME Certificates: ACME certificates (such as those from Let's Encrypt) are automatically renewed by ServBay, so manual intervention is unnecessary.

Certificate Export

You can export your SSL certificates, which is useful if you need to use the same ServBay CA certificate on another device or service (provided that device also trusts the ServBay CA).

1. Open the SSL Certificates panel.
2. Locate the certificate to export.
3. Click the Action icon: Click the export icon (usually a right arrow ➡️) beside the certificate.
4. Choose Export Directory: In the file dialog, select where the exported certificate will be saved.
5. Distribute the Certificate: The exported file is usually a ZIP archive containing the certificate file (.crt or .cer), private key file (.key), and relevant CA chain file. Distribute and install these files as needed.

Certificate Deletion

If a certificate is no longer needed, you can delete it.

1. Open the SSL Certificates panel.
2. Locate the certificate you wish to delete.
3. Click the Action icon: Click the trash can icon beside the certificate.
4. Confirm Deletion: Confirm in the popup dialog. Note: Deleting a certificate is irreversible. If the certificate is currently in use by a site, assign another certificate or disable HTTPS for that site first, or you may make the site inaccessible.

Frequently Asked Questions (FAQ)

Q: Why does my browser show "Not Trusted" for ServBay CA certificates?

A: By default, ServBay CA certificates are not trusted by operating systems or browsers. You need to install and trust the ServBay User CA root certificate on your development machine. Please refer to ServBay’s settings or documentation for instructions.

Q: My ACME (Let's Encrypt) certificate request failed. What should I do?

A: ACME requests usually fail due to unsuccessful domain validation.

• If you are using dns-01 validation, double-check that your TXT record at your domain registrar or DNS provider is correct and that it has fully propagated (DNS record changes may take time). Check ServBay’s logs for detailed error messages.

Q: Can I apply for a certificate covering multiple domains in ServBay?

A: Yes. When applying, enter multiple domains in the "Domain" field, separated by commas. This will create a SANs certificate covering all those domains.

Q: Which web servers does ServBay support? Are certificates configured uniformly?

A: ServBay supports Caddy, Apache, Nginx, and more. Its SSL certificate management interface is unified: the certificates you request can be used on any SSL-enabled site managed by ServBay, and ServBay will automatically configure the underlying web server.

Summary

ServBay provides a powerful and user-friendly SSL certificate management system for local development. With ServBay CA, you can quickly issue trusted certificates for your local domains, streamlining HTTPS development and testing. By integrating the ACME protocol, you can also apply for and manage publicly trusted certificates from Let's Encrypt, ZeroSSL, and Google Trust Services right within ServBay. Mastering these features will help you build more secure, modern web applications.

If you encounter issues when applying for or using certificates, refer to ServBay’s official documentation or community forums for further assistance.