SSL Certificates Explained: Why HTTPS Matters for Self-Hosted Apps
Every self-hosted app needs HTTPS. Here's what SSL certificates are, why they matter, and how automatic SSL works.
What Is SSL/TLS?
SSL (Secure Sockets Layer) and its successor TLS (Transport Layer Security) encrypt the connection between a user's browser and your server. When you see the padlock icon in your browser's address bar, that's SSL at work.
Why HTTPS Matters
Security
Without HTTPS, data travels in plain text. Anyone on the same network — a coffee shop, an office — can intercept passwords, form submissions, and API keys. HTTPS encrypts everything.
Trust
Modern browsers show warnings for HTTP sites. Users won't trust an application that their browser flags as "Not Secure."
SEO
Google has used HTTPS as a ranking factor since 2014. HTTP-only sites are penalized in search results.
Functionality
Many modern web features require HTTPS: service workers, geolocation, clipboard API, WebRTC, and HTTP/2.
How SSL Certificates Work
1. Your server presents its certificate to the browser
2. The browser verifies the certificate is valid and trusted
3. They negotiate an encryption key using asymmetric cryptography
4. All subsequent data is encrypted with that key
Let's Encrypt: Free SSL for Everyone
Before Let's Encrypt, SSL certificates cost $50-200/year per domain. Let's Encrypt provides them free, and automatic renewal means they never expire unexpectedly.
Automatic SSL on TinyPod
Every application you deploy on TinyPod gets automatic HTTPS:
1. You deploy an app and get a subdomain (your-app.boilr.xyz)
2. Our reverse proxy (Caddy) automatically requests a Let's Encrypt certificate
3. The certificate is provisioned in seconds
4. Renewal happens automatically every 60 days
No configuration, no manual steps, no certificate management. Just deploy and your app is secure.
Custom Domains
When you add a custom domain, TinyPod automatically provisions an SSL certificate for it too. Point your DNS, and HTTPS is ready within minutes.