Shared HTTPS Certificates Are a Thing of the Past

Ari Gold , Product Manager Reading estimate: 1 minutes

Pantheon's Managed HTTPS service now features fully dedicated certificates and an updated go-live experience. This is made possible in partnership with Let’s Encrypt and Fastly.

Managed HTTPS utilizes APIs from the non-profit Let’s Encrypt to provision and manage certificates, of which Pantheon is a proud sponsor. Those certificates are then deployed and enforced with end-to-end encryption via our Global CDN powered by Fastly’s distributed points of presence. Global CDN leverages Fastly’s globally distributed points of presence to enable sub-second page loads, all with zero required configuration. 

Dedicated Certificates

In the past, as many as 100 domains from various sites and customers were bundled together on a shared certificate. Now, every site environment on Pantheon receives its own unique certificate for HTTPS that is not shared with any other sites or customers. 

In our current environment, an online presence is more important than ever. With dedicated certificates, every site environment receives its own certificate for HTTPS. This means you won’t have to worry about potential negative impacts on brand reputation because your domain is associated with a different customer. 

Our team upgraded the underlying integration with Let’s Encrypt (from ACMEv1 to ACMEv2) and migrated everyone to dedicated certificates, all without customers needing to lift a finger, and with zero interruptions to HTTPS service. 

No More Insecure Launches

If you’re on the web, encryption is not an option which is why in 2019 we started enforcing HTTPS by default. Sites without HTTPS are even penalized with poor SEO results. As part of this upgrade, you now always have the option to configure HTTPS before going live, eliminating gaps in security for you or your visitors.

We’ve also added a new way to verify your domain to make it easier to launch, so in addition to the file challenge method, you can now verify domain ownership by simply creating a DNS TXT record. Add a new domain to a site dashboard to see the new interface. For more details see our Launch Essentials Guide.

Go Forth and Make Awesome!

Pantheon continues to provide Managed HTTPS and Global CDN free of charge and now all customers get dedicated certificates and additional options during go-live. Never worry about an expired certificate, because it's always free and automatically renewed.

Configuring HTTPS before go-live means no more insecure launches. Automating HTTPS is one more way Pantheon frees you to focus on getting business results from your sites.

Discover More

Confessions from a Serial Certifications Collector: Why Become WebOps Certified

Gregg Marshall
Reading estimate: 3 minutes

Pantheon’s WebOps Certification: Where It All Began and Why You Should Join

Steve Bresnick
Reading estimate: 6 minutes

Opt In Now For a Faster Build Pipeline on Front-End Sites

Steve Persch
Reading estimate: 2 minutes

Try Pantheon for Free

Join thousands of developers, marketers, and agencies creating magical digital experiences with Pantheon.