Bridge certs

To get a customer serving HTTPS through the WAF immediately, we issue a Sectigo cert via SSLStore and install it on Sucuri. This is the bridge cert.

Once onboarding is complete, Sucuri issues a long-term cert of its own for the domain and replaces the bridge. The bridge cert is no longer needed and should not need to renew.

Invariant

A customer still on a bridge cert weeks after onboarding completed is stalled — something prevented Sucuri’s cert pipeline from taking over. Investigate before letting the bridge cert renew.
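One way to check this invariant per domain, as an added example (not part of the original page or any Sucuri or SSLStore tooling). The function names, the three-week stall threshold and the 30-day renewal window are assumptions, as is the premise that Sucuri's long-term cert carries a non-Sectigo issuer organization.

```python
import socket
import ssl
from datetime import datetime, timedelta, timezone

BRIDGE_ISSUER_ORG = "sectigo"       # from the page: bridge certs are Sectigo-issued
STALL_AFTER = timedelta(weeks=3)    # assumption: the page only says "weeks"
RENEW_WINDOW = timedelta(days=30)   # assumption: how close to expiry renewal kicks in

def fetch_cert(host, port=443, timeout=5.0):
    """Return the validated leaf cert the WAF edge serves for host."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def issuer_org(cert):
    """Pull organizationName out of the getpeercert() issuer RDN tuples."""
    for rdn in cert.get("issuer", ()):
        for key, value in rdn:
            if key == "organizationName":
                return value
    return ""

def classify(cert, onboarded_at, now):
    """Classify a domain against the bridge-cert invariant."""
    if BRIDGE_ISSUER_ORG not in issuer_org(cert).lower():
        return "ok"                          # long-term cert has taken over
    if now - onboarded_at < STALL_AFTER:
        return "bridge-expected"             # still within the normal handover period
    expires = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(cert["notAfter"]), tz=timezone.utc)
    if expires - now <= RENEW_WINDOW:
        return "stalled-renewal-imminent"    # investigate before the bridge renews
    return "stalled"

# Constructed sample in the shape ssl.getpeercert() returns (not real data).
SAMPLE_BRIDGE = {
    "issuer": ((("countryName", "GB"),),
               (("organizationName", "Sectigo Limited"),),
               (("commonName", "Constructed Sample DV CA"),)),
    "notAfter": "Jun 15 12:00:00 2025 GMT",
}

if __name__ == "__main__":
    onboarded = datetime(2025, 3, 1, tzinfo=timezone.utc)
    now = datetime(2025, 5, 25, tzinfo=timezone.utc)
    print(classify(SAMPLE_BRIDGE, onboarded, now))  # stalled-renewal-imminent
```

In live use, pass `fetch_cert(domain)` and the onboarding-completion timestamp from your own records to `classify`.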