HTTPS Status
TLS certificate health, HTTPS connectivity to the public URL, ACME/Let's Encrypt status, and certificate chain validation. Traefik terminates TLS using the configured certificate. This is the most common place to diagnose scanner connectivity failures caused by certificate issues.
Fields & Columns
| Name | Description |
|---|---|
| Certificate Type | Self-Signed (not publicly trusted), Custom (uploaded), or Let's Encrypt (automated, publicly trusted) |
| TLS Mode | The TLS configuration mode in use (e.g., self-signed, custom, acme) |
| Subject CN | Common Name from the certificate subject field |
| Issuer | Certificate authority that issued this certificate |
| Valid From / Valid Until | Certificate validity period with days remaining color-coded |
| SANs | Subject Alternative Names — hostnames and IPs the certificate is valid for |
| Fingerprint SHA-256 | Unique certificate fingerprint for verification |
| Public URL | The configured public HTTPS URL used for connectivity testing |
| Handshake Latency | Time to complete a TLS handshake — green under 500ms, yellow 500-1000ms, red over 1000ms |
| Publicly Trusted | Whether browsers and scanners accept the certificate without warnings |
| ACME Domain / Provider | Let's Encrypt domain and DNS provider when ACME is configured |
| Renewal Threshold | Days before expiry when ACME attempts automatic renewal |
| Chain Length / Chain Valid | Number of certificates in the chain and whether the chain validates correctly |
Gotchas
- Self-signed certificates will always show "Publicly Trusted: No" — scanners using self-signed certs must be configured to skip TLS verification.
- Days Remaining turns red at 7 days and yellow at 30 days. ACME certificates should auto-renew well before these thresholds.
- The ACME card only appears when Let's Encrypt is configured — it is hidden for self-signed and custom certificates.
- Certificate chain issues (missing intermediates) cause scanner connection failures even when the certificate itself is valid.
API Calls (1)
| Method | Path | Description |
|---|---|---|
| GET | /api/health/infra/https | Fetch certificate details, connectivity, ACME status, and chain validation |
Related Pages
- Overview — Architecture diagram shows HTTPS status indicator
- Proxy Status — Traefik terminates TLS using this certificate
- DNS — DNS resolution is required before HTTPS connectivity can be tested