Skip to content
Latchkey

What Is HTTPS? Encrypted HTTP Explained

HTTPS is plain HTTP carried over an encrypted TLS connection, so the data exchanged between client and server stays private and unaltered in transit.

When a URL begins with https, the request and response are encrypted before they leave your machine and decrypted only at the destination. This protects credentials, tokens, and payloads from eavesdropping and tampering. Because CI pipelines move secrets and artifacts across public networks, nearly every endpoint they talk to uses HTTPS.

What TLS adds to HTTP

HTTPS layers TLS underneath HTTP. TLS encrypts the traffic, verifies the server identity with a certificate, and detects tampering. The HTTP messages themselves are unchanged; they simply ride inside an encrypted tunnel.

The certificate check

During the handshake, the server presents an SSL/TLS certificate signed by a trusted authority. The client checks that the certificate is valid, unexpired, and matches the hostname before trusting the connection.

Why CI needs it

  • Secrets and tokens travel safely to deploy and registry APIs.
  • Artifacts cannot be tampered with in transit.
  • Webhook payloads arrive with integrity intact.

Common HTTPS failures in pipelines

Expired certificates, untrusted custom certificate authorities, or a missing CA bundle on the runner cause TLS handshake errors that read like "certificate verify failed". These are configuration issues, not transient blips, so retrying will not help.

HTTPS at deploy time

When a pipeline ships a web app, it usually terminates HTTPS at a load balancer or CDN that holds the certificate. The pipeline may also rotate or provision certificates as part of the deploy, so a stale certificate can break the live site even when the build passed.

Telling transient from permanent

A dropped HTTPS connection that resets mid-transfer is often transient and worth a retry; a "certificate verify failed" is permanent until fixed. Latchkey runners auto-retry the transient connection drops while surfacing genuine certificate errors clearly so you fix the real problem.

Key takeaways

  • HTTPS is HTTP inside a TLS tunnel that encrypts and authenticates traffic.
  • A valid, trusted, matching certificate is required for the connection to succeed.
  • Certificate errors are permanent and need fixing; dropped connections are usually retryable.

Related guides

Tired of flaky CI? Latchkey auto-heals failed jobs and retries them for you. Start free →