Improved SSL certificate generation

We’ve just revamped how SSL certificates are generated on Write.as, so getting new custom domains online should be much smoother now!

Our previous process, which could involve some delay while we checked your domain, has been replaced by an on-demand process, which creates the certificate on the very first visit to your site. So, after setting up your custom domain, you might notice a minor delay on your first visit as we create the certificate for the very first time. However, after that, the site will load quickly for everyone.

Troubleshooting

There are certain issues that might come up during setup with our new infrastructure.

ERR_SSL_PROTOCOL_ERROR during setup

If you see this error for your custom domain on Write.as, you simply need to set the domain in your blog’s settings.

Screenshot from 2020-12-02 16-30-17

You can do this by going to your Blogs page, clicking Customize under the blog you want to modify, and adding the domain in the Custom domain field. Once you’ve done that, refresh your site to automatically generate the certificate.

CloudFlare

This new process should work for the vast majority of setups and DNS providers. However, if you use CloudFlare, you’ll need to disable their traffic proxy feature and use them for DNS only.

To do this, navigate to the DNS tab in CloudFlare. Next, click Edit next your domain, and ensure that the “Proxy Status” says DNS only. (If it shows an orange cloud that says “Proxied,” simply click the cloud to change the status.)

Save these changes, and after a short bit of time your site will work correctly!

We know that some users want the additional protection offered by CloudFlare. If you do, just get in touch with us @support so we can discuss a paid plan with CloudFlare support included.

For any users currently using CloudFlare’s protection on their Write.as site, we’ve made the changes necessary to keep your site live, as part of your Pro subscription. But in the near future, we’ll get in touch to discuss changes needed on your end.


Please let us know if you notice issues with your site after today’s changes, or if you have any other questions!

1 Like

Hi there,

Are you able to share more about how you generate SSL certs for custom domains? Is it a custom solution you guys built or an off-the-shelf like KiloSSL?

Thanks,
James

Sure thing! We had a custom solution in place for the past several years, and now we’ve switched to Caddy.

Our original solution periodically checked each domain we hosted, then generated a new Nginx configuration for the site plus the certificate via Let’s Encrypt. Now we’ve replaced Nginx with Caddy as our reverse proxy server, and get all of that certificate management for free, in a more stable package.

1 Like