Skip to content
Klimb
Log in Start free

Automatic HTTPS Certificates

Every Klimb academy is served securely over HTTPS — the padlock in the browser that tells learners their connection is encrypted and your site is trustworthy. The best part: you never have to buy, install, or renew certificates yourself. This guide explains how Klimb’s automatic certificates work and what to do in the rare case something looks off.

HTTPS is automatic

For your default <slug>.klimblearn.com subdomain, HTTPS is on from the moment your academy exists — there’s nothing to configure.

For a custom domain, Klimb issues a TLS certificate automatically as soon as the domain is verified. Once you’ve added the DNS CNAME and verification succeeds, Klimb requests and installs a certificate behind the scenes. Certificates also renew automatically before they expire, so your academy stays secure indefinitely without any maintenance from you.

What to expect after verifying

After your custom domain verifies:

  1. Klimb begins the certificate request automatically.
  2. Issuance usually completes within a few minutes, though it can occasionally take longer.
  3. When the certificate is active, your domain loads with https:// and a padlock, and any http:// requests are redirected to the secure version.

During the short issuance window, you might briefly see a security warning if you visit before the certificate is ready — this is normal and clears on its own.

Troubleshooting

If your custom domain isn’t loading securely after a reasonable wait, work through these checks:

  • Confirm the domain is verified. In Settings → Domains in the Studio, make sure the status reads Verified. A certificate can’t be issued until verification passes.
  • Give it time. DNS propagation plus certificate issuance can take from a few minutes up to an hour. Wait, then refresh.
  • Check your DNS record. The CNAME must still point to the Klimb target. If you changed or removed it, the certificate can’t validate. Re-add it exactly as shown and re-verify.
  • Look for conflicting records. A pre-existing record on the same subdomain (for example, an old A record or a CAA record that blocks the issuing authority) can prevent issuance. Remove conflicting records, especially a restrictive CAA record.
  • Clear your browser cache or try an incognito window and a different device to rule out a locally cached warning.
  • Avoid proxying through another service. If your DNS provider offers a proxy/CDN toggle (such as Cloudflare’s orange-cloud), set the record to DNS-only so Klimb can validate and serve the certificate directly.

When to ask for help

If you’ve verified the domain, confirmed the CNAME, removed any conflicting or CAA records, and waited well over an hour but HTTPS still won’t issue, reach out to support with your domain name. We can inspect the issuance status and pinpoint what’s blocking it.

Keeping it secure long-term

Once issued, your certificate renews on its own — you’ll never get an expiry surprise. The one thing to remember: keep your DNS CNAME in place. As long as the record stays pointed at Klimb, your certificate keeps renewing and your academy stays secure. With HTTPS confirmed, you can check off the domain portion of your Launch Checklist.