// SECURITY GUIDE · TLS / SSL
TLS / SSL Certificate
// WHAT IT IS
TLS (Transport Layer Security) encrypts the connection between your server and your users. Without it, passwords, session tokens, and form data travel in plain text, readable (and modifiable) by anyone on the network path: a shared Wi-Fi network, an ISP, or a compromised router. A valid TLS certificate also proves that the server a user reached actually controls the domain name, so they cannot be silently redirected to an impostor.
// WHAT WE CHECK
[CRITICAL]
HTTPS reachable: Site responds on HTTPS. HTTP-only sites fail this check immediately.
[CRITICAL]
Certificate valid: The certificate chains to a CA trusted by browsers (the server must send its intermediate certificates), its name matches the domain, and it is within its validity period.
[HIGH]
Certificate expiry: Certificates expiring within 30 days are flagged. Once a certificate lapses, browsers block the page behind a full-screen warning; the 30-day margin leaves time to renew and to notice that automatic renewal has silently stopped working.
[HIGH]
Protocol version: TLS 1.2+ required; a server that still accepts TLS 1.0 or 1.1 fails. Both are formally deprecated (RFC 8996) and carry known weaknesses: TLS 1.0's CBC cipher suites are the target of BEAST, and a server that also keeps SSL 3.0 enabled exposes users to POODLE through protocol downgrade.
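As an added example (not the guide's own checker), the following Python script runs the four checks above against a host using only the standard library. It relies on ssl.create_default_context() for the trusted-CA and hostname checks, reads notAfter from the peer certificate for the expiry check, and, because a modern client negotiates the newest version the server offers, probes TLS 1.0 and 1.1 explicitly rather than trusting the version of the first handshake. The 30-day threshold, the TLS 1.2 floor, the severity labels and the default host example.com are assumptions taken from the list above.

```python
"""Added example: the four TLS checks from the list above, against a live
host, using only the Python standard library. Rule logic lives in small
functions so it can be exercised without network access."""
import socket
import ssl
import sys
import time

EXPIRY_WARNING_DAYS = 30        # [HIGH] threshold assumed from the guide
MIN_PROTOCOL = "TLSv1.2"        # [HIGH] floor assumed from the guide
# Names exactly as ssl.SSLSocket.version() reports them, oldest first.
PROTOCOL_ORDER = ["SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]


def days_until_expiry(not_after, now=None):
    """Whole days until `not_after`, the string ssl.getpeercert() returns
    (e.g. 'Jun  1 12:00:00 2025 GMT'). `now` may be given in the same format
    for reproducible tests; it defaults to the current time. Negative means
    the certificate has already expired."""
    expires = ssl.cert_time_to_seconds(not_after)
    current = ssl.cert_time_to_seconds(now) if now else time.time()
    return int((expires - current) // 86400)


def expiry_status(not_after, now=None):
    """Map days-to-expiry onto the guide's severities."""
    days = days_until_expiry(not_after, now)
    if days < 0:
        return "CRITICAL", "certificate expired (notAfter %s)" % not_after
    if days < EXPIRY_WARNING_DAYS:
        return "HIGH", "certificate expires in %d day(s)" % days
    return "OK", "certificate valid for %d more day(s)" % days


def protocol_status(version):
    """`version` is what SSLSocket.version() returned for one handshake."""
    if version not in PROTOCOL_ORDER:
        return "HIGH", "unrecognised protocol %r" % version
    if PROTOCOL_ORDER.index(version) < PROTOCOL_ORDER.index(MIN_PROTOCOL):
        return "HIGH", "negotiated %s; TLS 1.2+ required" % version
    return "OK", "negotiated %s" % version


def legacy_protocols_accepted(hostname, port=443, timeout=5.0):
    """A passing handshake only shows the newest version both sides support,
    so offer each deprecated version on its own and return those the server
    accepts. Certificate verification is disabled on purpose here: only
    protocol acceptance is being measured."""
    accepted = []
    for ver in (ssl.TLSVersion.TLSv1, ssl.TLSVersion.TLSv1_1):
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
        try:
            ctx.minimum_version = ver
            ctx.maximum_version = ver
        except (ValueError, ssl.SSLError):
            continue                    # local OpenSSL cannot even offer it
        try:
            with socket.create_connection((hostname, port), timeout=timeout) as sock:
                with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
                    accepted.append(tls.version())
        except OSError:
            pass                        # server refused the old version: good
    return accepted


def check_host(hostname, port=443, timeout=5.0):
    """Return [(check, level, detail), ...] for the four checks in the list."""
    ctx = ssl.create_default_context()  # system CA bundle + hostname check
    results = []
    try:
        with socket.create_connection((hostname, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
                cert = tls.getpeercert()
                issuer = " / ".join(v for rdn in cert.get("issuer", ()) for _, v in rdn)
                results.append(("https_reachable", "OK", "TLS handshake completed on port %d" % port))
                results.append(("certificate_valid", "OK", "chain trusted, name matches; issuer: %s" % issuer))
                results.append(("certificate_expiry",) + expiry_status(cert["notAfter"]))
                results.append(("protocol_version",) + protocol_status(tls.version()))
    except ssl.SSLCertVerificationError as exc:   # reached the server, but the chain or name is wrong
        results.append(("https_reachable", "OK", "server speaks TLS on port %d" % port))
        results.append(("certificate_valid", "CRITICAL", exc.verify_message or str(exc)))
    except ssl.SSLError as exc:                   # TCP connected, handshake failed (e.g. TLS 1.0-only server)
        results.append(("https_reachable", "CRITICAL", "TLS handshake failed: %s" % exc))
    except OSError as exc:
        results.append(("https_reachable", "CRITICAL", "no connection to %s:%d (%s)" % (hostname, port, exc)))
        return results
    legacy = legacy_protocols_accepted(hostname, port, timeout)
    if legacy:
        results.append(("protocol_version", "HIGH", "server still accepts " + ", ".join(legacy)))
    return results


if __name__ == "__main__":
    host = sys.argv[1] if len(sys.argv) > 1 else "example.com"   # assumed default host
    for check, level, detail in check_host(host):
        print("[%s] %s: %s" % (level, check, detail))
```

Run it as `python3 tlscheck.py yourdomain.com`. The expiry and protocol rules are separated from the network code so the thresholds can be tested with fixed timestamps; the legacy probe is the part most scanners get wrong, since a single TLS 1.3 handshake says nothing about whether TLS 1.0 is still enabled.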
// HOW TO FIX
Use Let's Encrypt for free, automatically renewable certificates. On Vercel, Netlify, and most managed platforms, certificates and protocol settings are handled for you. For self-hosted nginx servers, certbot obtains the certificate, edits the server block, and includes a shared TLS options file; after it runs, confirm that the resulting config contains ssl_protocols TLSv1.2 TLSv1.3; with no TLSv1 or TLSv1.1 entry, since the protocol-version check above fails on any server that still accepts them:
# Install certbot and get a cert
sudo certbot --nginx -d yourdomain.com
# Auto-renew (add to root's crontab; renew only replaces certs within 30 days of expiry, matching the expiry check above)
0 12 * * * certbot renew --quiet