Step 3 - HTTPS/TLS
Deflect can automatically serve your website over an encrypted HTTPS connection. To learn more, :doc:`read this guide <../tls_support>`.
If your website already supports HTTPS connection you still need to configure TLS. You can use your existing certificates or generate new Let's Encrypt certificates for use on the Deflect servers. Please note that for TLS/HTTPS to work, your web server needs to support TLS encryption.
You will receive a warning message if your origin server does not support TLS. You will need to enable TLS on your origin before you can enable TLS on Deflect.
Public TLS Certificates
Deflect can automatically create and manage a free Let's Encrypt TLS certificate for your site. This option is recommended unless you have a specific requirement to use your existing TLS certificates.
Users can only make a secure HTTPS/TLS connection to your website once you have configured a TLS certificate on your origin server. It is important that the encrypted traffic from your users to the Deflect network is also encrypted from the Deflect network to your origin web server.
On your origin server, you can use a valid third-party certificate or generate a free Deflect-issued origin certificate bundle.