Adding a Custom SSL Configuration for SendGrid

This is an additional note on how to set up a custom SSL configuration to enable SSL click and open tracking.

This may be required when you are switching your site from HTTP to HTTPS. This guide will help if you can’t use a CDN to set up SSL for your site.

At this point, your site should be verified by SendGrid and you already use SSL for your site.


I have used Nginx as a proxy and Let’s Encrypt to issue an SSL certificate.

First of all, you need to remove the CNAME record pointing to sendgrid.net and add a new A record that points the email.example.com domain to your Nginx proxy.

After that, you need to add the following Nginx configuration for the email.example.com domain. At this stage, you should already have the SSL certificate for your domain used on SendGrid.

server {
  listen 80;
  listen [::]:80;
  server_name email.example.com;

  # Force HTTPS 301-redirect.
  location / {
    return 301 https://email.example.com$request_uri;
  }
}

server {
  listen 443 ssl;
  listen [::]:443 ssl;
  server_name email.example.com;

  # Path to the SSL certificate.
  ssl_certificate /etc/ssl/fullchain.pem;
  ssl_certificate_key /etc/ssl/privkey.pem;
  ssl_trusted_certificate /etc/ssl/fullchain.pem;
  
  location / {
    # Forward traffic.
    proxy_set_header Host email.example.com;
    proxy_pass https://sendgrid.net;
  }
}
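
With the configuration above, Nginx encrypts the connection to sendgrid.net but, by default, does not verify the upstream certificate or send SNI. The variant below is an added example, not part of the original note, that turns both on. It assumes a Debian/Ubuntu-style CA bundle path and that the upstream certificate is valid for sendgrid.net.

```nginx
server {
  listen 443 ssl;
  listen [::]:443 ssl;
  server_name email.example.com;

  # Certificate for the tracking domain (same paths as in the note).
  ssl_certificate /etc/ssl/fullchain.pem;
  ssl_certificate_key /etc/ssl/privkey.pem;

  location / {
    # SendGrid identifies the account by the Host header.
    proxy_set_header Host email.example.com;
    proxy_pass https://sendgrid.net;

    # Send SNI on the upstream TLS handshake (off by default).
    proxy_ssl_server_name on;
    # Name used for SNI and for the certificate check below.
    proxy_ssl_name sendgrid.net;

    # Authenticate the upstream: reject the connection if its
    # certificate does not chain to a trusted CA or does not
    # match proxy_ssl_name (verification is off by default).
    proxy_ssl_verify on;
    proxy_ssl_verify_depth 3;
    # Assumption: system CA bundle location on Debian/Ubuntu.
    # On RHEL-family systems it is usually
    # /etc/pki/tls/certs/ca-bundle.crt.
    proxy_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;
  }
}
```

If verification fails, Nginx returns 502 for tracking links and logs the upstream SSL error in its error log, so check that log after enabling it.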

Don’t forget to test your Nginx configuration with nginx -t and, if the test succeeds, restart Nginx with service nginx restart.

Don’t validate the DNS record more than once, because after changing the CNAME, a second validation fails and the authentication stops working.