== Using a TLS certificate (using https) for your May First hosted site when using the Deflect caching service ==

We recommend enabling Lets Encrypt certificates for your site on both the May First hosting (origin) server and for the Deflect caching (edge) servers.

You can do this easily by following the 3 steps below. If you are not yet using the Deflect service, jump to step 2 to enable a certificate for your site from the May First control panel before enabling the Deflect service for you site. 

If you have already set up the Deflect service for your site then start from Step 1 and continue.

=== Step 1 === 

* Access the Deflect control panel for your site
* Navigate to the "HTTPS / TLS" tab 
* Under the "HTTPS / TLS configuration" header enable the option:
  * '''I want to encrypt connections to my website'''
* Under the "Public TLS Certificates" header  enable the option:
  * '''Use a free Let's Encrypt certificate'''
* Use the '''Save TLS configuration''' button to save your changes
* In the "HTTPS options" section enable the option:
  * '''Both HTTP and HTTPS''' ''This step is only temporary, we will change this again after making changes in the May First control panel.''
* Use the '''Save''' button to save your changes.

=== Step 2 ===

* Access the [https://members.mayfirst.org/cp May First control panel] for your site's hosting order
* Navigate to the "web configuration" tab
* Edit your web configuration and set the port to '''auto''' to enable a Lets Encrypt certificate for you site.

See the following instructions for more details: 

https://support.mayfirst.org/wiki/faq/security/setup-certificate

=== Step 3 === 

* Access the Deflect control panel for your site
* Navigate to the "HTTPS / TLS" tab 
* In the "HTTPS options" section enable the option:
  * '''Redirect all HTTP traffic to HTTPS'''
* Use the '''Save''' button to save your changes.