Skip to main content
TLS (SSL) Certificates
Last update:

TLS (SSL) Certificates

To access objects in the container through your own domain via HTTPS you need to add a TLS (SSL) certificate. You can manage certificates via control panel or Selectel Storage API.

You can issue a certificate from any provider. When using Selectel DNS hosting can be quickly released Let's Encrypt certificate. After each reissue of Let's Encrypt, the certificate must be added manually.

One certificate can be active for one domain. If multiple certificates are added for a domain, the last one downloaded will be the active one. If the active certificate will be deleted or it expires, the previous one will be automatically activated (if it has not expired).

TLS protocol

The Transport Layer Security (TLS) protocol is a new version of the SSL protocol and is used together with the HTTP protocol. When HTTP and TLS are used together, encryption, authentication and data integrity are ensured.

For your information

We recommend using TLS protocol version 1.2 and higher. Versions lower than 1.2 are recognized as deprecated (more information on IETF website) and are not supported by object storage as of May 1, 2023.

You can see the version of TLS being used in the logs.

Learn more about setting up TLS version 1.2 in Amazon's documentation:

Add a certificate

Up to 100 certificates can be added as part of the project.

  1. В control panels go to Object StorageSSL certificates.

  2. Click Add a certificate.

  3. Enter a name for the certificate, it must be unique within the project.

  4. Add a master certificate:

    -----BEGIN CERTIFICATE-----
    <certificate.crt>
    -----END CERTIFICATE-----

    Specify <certificate.crt> — private key in the format PKCS#1.

  5. Add a private key:

    -----BEGIN PRIVATE KEY-----
    <private_key.key>
    -----END PRIVATE KEY-----

    Specify <private_key.key> — private key in the format PKCS#1.

  6. Click Add a certificate. The certificate is activated within five minutes.

Certificate statuses

in progressThe certificate is validated (up to five minutes). If the verification is successful, the status will change to activeand, in case of error, to error
errorCertificate validation ended with an error, hover over the status to view the reason. Correct the error, remove the certificate и add it again
activeThe certificate is active
expiredThe certificate has expired. Remove the certificate и add a new

Delete certificate

You cannot delete certificates that are in the process of being added.

  1. В control panels go to Object StorageSSL certificates.
  2. On the certificate line, click .
  3. Enter a name for the certificate and click Delete.