ReadyStackGo
DE | EN

TLS & Certificates

Manage HTTPS certificates flexibly - from self-signed through custom certificates to Let's Encrypt with automatic renewal.

Flexible Certificate Management

ReadyStackGo provides comprehensive TLS/HTTPS support with various certificate options. Whether self-signed for development, custom certificates for internal use, or Let's Encrypt for production environments - you have full control.

Certificate Options

Self-Signed

Automatically generated on first start. Ideal for local development and testing.

Custom Certificates

Upload PFX or PEM certificates. Perfect for corporate CAs or purchased certificates.

Let's Encrypt

Automatic, free certificates with HTTP-01 or DNS-01 challenge.

Let's Encrypt Integration

ReadyStackGo supports automatic certificate issuance via Let's Encrypt with two challenge types:

  • HTTP-01: Simplest method. ReadyStackGo must be reachable on port 80.
  • DNS-01: For wildcard certificates or when port 80 is not accessible.

DNS-01 Providers:

  • Manual: TXT records displayed in the UI
  • Cloudflare: Automatic DNS entries via API

Reverse Proxy Support

Running ReadyStackGo behind a reverse proxy like nginx, Traefik, or HAProxy? No problem! The reverse proxy mode offers three SSL handling options:

SSL Termination

The proxy terminates SSL. ReadyStackGo receives HTTP. No certificate needed.

SSL Passthrough

The proxy forwards encrypted traffic directly. ReadyStackGo needs a certificate.

Re-Encryption

The proxy terminates and re-encrypts. Both sides need certificates.

Automatic Renewal

Let's Encrypt certificates are automatically renewed:

  • Background service checks every 12 hours
  • Renewal 30 days before expiration
  • Status and last renewal visible in the UI
  • Errors are logged and displayed

Forwarded Headers

In reverse proxy mode, X-Forwarded-* headers are automatically processed:

  • X-Forwarded-For: Detect real client IP
  • X-Forwarded-Proto: HTTPS detection for correct redirects
  • X-Forwarded-Host: Original hostname for URL generation

Benefits

  • Flexibility: Suitable solution for every scenario
  • Automation: Let's Encrypt with auto-renewal
  • Proxy-Ready: Seamless integration with edge proxies
  • UI Management: Everything configurable via the settings page

Documentation

A comprehensive guide with step-by-step instructions for all configuration options can be found in the TLS documentation.

Back to Home