Topics

Dropdown Icon

Topics

Dropdown Icon

Search Results

Getting started

Introduction

Tutorials

Preparing An Application
Deploying an Application
Local Development

Installation

Command Line Interface
Development Rack Dropdown Icon
Production Rack Dropdown Icon

Configuration

convox.yml
Dockerfile
Agents
Environment Variables
Health Checks
Load Balancers
Logging
Private Registries
Service Discovery
Rack-to-Rack Communication
Rack Parameters Dropdown Icon Amazon Web Services Dropdown Icon
access_log_retention_in_days
availability_zones
build_node_enabled
build_node_min_count
build_node_type
cert_duration
cidr
convox_domain_tls_cert_disable
efs_csi_driver_enable
fluentd_disable
gpu_tag_enable
high_availability
idle_timeout
imds_http_tokens
internal_router
internet_gateway_id
max_on_demand_count
min_on_demand_count
nlb_security_group
node_capacity_type
node_disk
node_type
pod_identity_agent_enable
private
private_subnets_ids
proxy_protocol
public_subnets_ids
schedule_rack_scale_down
schedule_rack_scale_up
ssl_ciphers
ssl_protocols
syslog
tags
telemetry
vpc_id
Google Cloud Platform Dropdown Icon
Microsoft Azure Dropdown Icon
Digital Ocean Dropdown Icon
Volumes

Deployment

Custom Domains
Deploying Changes
Rollbacks
Rolling Updates
Scaling
SSL

Management

CLI Rack Management
Console Rack Management
Console RBAC
Deploy Keys
Direct Kubernetes Access
One-off Commands

Reference

Command Line Interface Dropdown Icon
Primitives Dropdown Icon
Quick-Apps Dropdown Icon

Integrations

Monitoring Dropdown Icon

Help

Changes
Known Issues
Support
Troubleshooting
Upgrading
Switch to Version 2 Documentation

convox_domain_tls_cert_disable

Description

The convox_domain_tls_cert_disable parameter allows you to disable the automatic generation of TLS certificates for the *.convox.cloud domain for your services. This can be useful when you are exclusively using custom domains and want to reduce the number of TLS certificates being generated and managed.

When enabled (set to true), Convox will not request or provision certificates for the default convox.cloud domains, which can help to stay within certificate quota limits and reduce certificate management overhead.

Default Value

The default value for convox_domain_tls_cert_disable is false, meaning Convox will automatically generate TLS certificates for default convox.cloud domains.

Use Cases

  • Certificate Quota Management: Avoid reaching Let’s Encrypt’s rate limits when you have many services and are only using custom domains.
  • Resource Optimization: Reduce resource usage related to certificate management when the default domains are not needed.
  • Custom Domain Environments: Streamline certificate management in environments where all services use custom domains exclusively.

Setting Parameters

To disable TLS certificate generation for convox.cloud domains, use the following command:

$ convox rack params set convox_domain_tls_cert_disable=true -r rackName
Setting parameters... OK

To re-enable certificate generation (if needed later), use:

$ convox rack params set convox_domain_tls_cert_disable=false -r rackName
Setting parameters... OK

Additional Information

  • This parameter only affects the default *.convox.cloud domains. Custom domains specified in your convox.yml will still have certificates generated.
  • For existing applications, you need to redeploy your app after changing this parameter to apply the new certificate configuration.
  • To verify certificate generation status for an application, you can run: 
    # Configure kubectl to point to your Convox rack
$ convox rack kubeconfig -r rackName > ~/.kube/config

# List certificates in your application namespace
$ kubectl get certificate -n rackName-appName
  • Disabling certificate generation for convox.cloud domains does not affect the functionality of your applications—they will still be accessible through their default URLs, but browsers will show security warnings due to the missing certificates.
  • Consider using this parameter in conjunction with custom domains for your services to maintain secure HTTPS connections.

Version Requirements

This feature is available in all recent versions of Convox.

Find
Home Product Pricing Enterprise Blog Documentation
Follow
LinkedIn X GitHub
Chat
sales@convox.com
© Convox 2024 / A Curious Company
Privacy Policy Terms of Use