redirect.pizza automatically installs and renews SSL certificates for your domains. This makes sure your redirects keep working over both http:// and https://, without having to manage certificates yourself.
By default, we use the tlsserver profile from Let's Encrypt. Certificates issued with this profile are valid for 45 days.
If Let's Encrypt is unavailable, rate limited or unable to issue a certificate, we can automatically fall back to ZeroSSL. Certificates issued through ZeroSSL are valid for 90 days.
Short-lived SSL certificates
Customers on the Pro plan and up can opt in to short-lived SSL certificates.
This uses the shortlived profile from Let's Encrypt. Certificates issued with this profile are valid for 160 hours, which is just over 6 days.
Short-lived certificates are renewed much more often than regular certificates. This can be useful if you want certificates with a shorter lifetime and fully rely on automatic certificate renewal.
Available short-lived modes
When enabling short-lived certificates, you can choose between two modes:
- Preferred: redirect.pizza will try to issue a short-lived certificate first. If this fails, we will fall back to a regular certificate. This is the default and recommended option.
- Strict: redirect.pizza will only try to issue a short-lived certificate. If that fails, we will not fall back to a regular certificate.
Which option should I choose?
For most customers who want to use short-lived certificates, we recommend using Preferred.
This gives you the benefit of short-lived certificates when issuance works as expected, while still keeping a regular SSL certificate as a fallback if the short-lived certificate cannot be issued.
Use Strict only if you specifically require short-lived certificates and do not want redirect.pizza to issue a regular certificate as fallback.
What changes when using short-lived certificates?
Your redirects keep working in the same way. The main difference is the certificate lifetime and renewal frequency.
- Regular Let's Encrypt certificates using the tlsserver profile are valid for 45 days.
- Short-lived certificates using the shortlived profile are valid for 160 hours.
- Because the validity period is much shorter, redirect.pizza renews these certificates more often.
You do not need to make DNS changes or manually renew the certificate. redirect.pizza handles the SSL process automatically.
When does the new profile take effect?
When you change the SSL profile for a domain, the existing certificate is not replaced immediately. The new profile will be used the next time the certificate is renewed.
This means the currently active certificate will stay in place until its next renewal period. After that, redirect.pizza will request the new certificate using the selected SSL profile.
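To check which profile the currently served certificate was issued under, for example after the first renewal following a profile change, compare its validity window against the lifetimes listed on this page. This is an added example, not redirect.pizza's own code; the function names, the labels, the two-hour tolerance and the sample dates are assumptions constructed for illustration.

```python
import socket
import ssl
from datetime import datetime, timedelta, timezone

# Certificate lifetimes as stated on this page; the labels are this example's own.
LIFETIMES = {
    "Let's Encrypt shortlived": timedelta(hours=160),
    "Let's Encrypt tlsserver": timedelta(days=45),
    "ZeroSSL fallback": timedelta(days=90),
}
# Assumption: allow a small margin, since CAs may backdate notBefore slightly.
TOLERANCE = timedelta(hours=2)

def parse_cert_time(value):
    """Parse the 'Mar 10 00:00:00 2026 GMT' form returned by getpeercert()."""
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(value), tz=timezone.utc)

def classify(not_before, not_after):
    """Return (label, lifetime) for a certificate validity window."""
    lifetime = parse_cert_time(not_after) - parse_cert_time(not_before)
    for label, expected in LIFETIMES.items():
        if abs(lifetime - expected) <= TOLERANCE:
            return label, lifetime
    return "unknown", lifetime

def fetch_validity(host, port=443, timeout=5):
    """Read notBefore/notAfter from the certificate a live host serves."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            cert = tls.getpeercert()
    return cert["notBefore"], cert["notAfter"]

# Constructed sample validity windows (not taken from real certificates).
SAMPLES = [
    ("Mar 10 00:00:00 2026 GMT", "Mar 16 16:00:00 2026 GMT"),  # 160 hours
    ("Mar 10 00:00:00 2026 GMT", "Apr 24 00:00:00 2026 GMT"),  # 45 days
    ("Mar 10 00:00:00 2026 GMT", "Jun 08 00:00:00 2026 GMT"),  # 90 days
    ("Mar 10 00:00:00 2026 GMT", "Apr 09 00:00:00 2026 GMT"),  # 30 days
]

if __name__ == "__main__":
    for nb, na in SAMPLES:
        label, lifetime = classify(nb, na)
        print(f"{nb} -> {na}: {lifetime} ({label})")
```

For a live domain, pass the result of `fetch_validity("your-domain.example")` to `classify`; a certificate that still shows the old lifetime right after a profile change has simply not reached its next renewal yet.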
Need help?
Not sure which SSL profile is best for your setup? Contact support via the chat or send us an email at support@redirect.pizza. We are happy to help.
