TLS (SSL) Certificates

To access objects in a container through your own domain over HTTPS, you must add a TLS (SSL) certificate. You can manage certificates through the Control Panel or the Selectel Storage API.

You can issue a certificate from any provider. When using Selectel DNS hosting, you can quickly issue a Let's Encrypt certificate. Each time a Let's Encrypt certificate is reissued, it must be added manually.

Only one certificate can be active per domain. If multiple certificates are added for a domain, the most recently uploaded one is active. If the active certificate is deleted or expires, the previous certificate is activated automatically (if it has not expired).

TLS protocol

The Transport Layer Security (TLS) protocol is the successor to the SSL protocol and is used in conjunction with HTTP. When HTTP and TLS are used together, the connection provides encryption, authentication, and data integrity.

For your information

We recommend using TLS version 1.2 or higher. Versions below 1.2 are deprecated (more details on the IETF website) and are not supported by the object storage as of May 1, 2023.

You can see the version of TLS being used in the logs.

Learn more about setting up TLS version 1.2 in Amazon's documentation.

Add a certificate

Up to 100 certificates can be added as part of the project.

  1. In Control Panel, go to Object Storage → SSL Certificates.

  2. Click Add Certificate.

  3. Enter a name for the certificate. It must be unique within the project.

  4. Add a master certificate:

    -----BEGIN CERTIFICATE-----
    <certificate.crt>
    -----END CERTIFICATE-----

    Specify <certificate.crt> — the contents of the certificate.

  5. Add a private key:

    -----BEGIN PRIVATE KEY-----
    <private_key.key>
    -----END PRIVATE KEY-----

    Specify <private_key.key> — private key in PKCS#1 format.

  6. Click Add Certificate. The certificate is activated within five minutes.
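
A pre-upload check for steps 4 and 5, as an added example that is not part of Selectel's documentation or tooling: it reads the PEM label of each block you are about to paste and, for unencrypted private keys, confirms from the DER layout whether the body is PKCS#1 (PEM label RSA PRIVATE KEY) or PKCS#8 (PEM label PRIVATE KEY). The names `lint_pem`, `key_structure` and `SAMPLE` are hypothetical, and the sample is constructed, not a real key.

```python
import base64
import binascii
import re

# PEM labels (RFC 7468, plus OpenSSL's traditional "RSA PRIVATE KEY").
LABELS = {"CERTIFICATE": "X.509 certificate", "RSA PRIVATE KEY": "PKCS#1",
          "PRIVATE KEY": "PKCS#8", "ENCRYPTED PRIVATE KEY": "PKCS#8 encrypted"}
PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)
# Constructed sample, not a real key: PKCS#1-shaped body under the PKCS#8 label.
SAMPLE = "-----BEGIN PRIVATE KEY-----\nMAYCAQACAQU=\n-----END PRIVATE KEY-----\n"


def key_structure(der):
    """Classify an unencrypted private key by its DER layout, not its label.

    Both formats open with SEQUENCE { INTEGER version, ... }. In PKCS#1 the
    next element is an INTEGER (the RSA modulus); in PKCS#8 it is a
    SEQUENCE (the algorithm identifier).
    """
    try:
        if der[0] != 0x30:
            return "not DER"
        # Skip the outer tag and its length field (short or long form).
        pos = 2 if der[1] < 0x80 else 2 + (der[1] & 0x7F)
        if der[pos] != 0x02 or der[pos + 1] >= 0x80:
            return "unknown"
        pos += 2 + der[pos + 1]  # skip the INTEGER version
        return {0x02: "PKCS#1", 0x30: "PKCS#8"}.get(der[pos], "unknown")
    except IndexError:
        return "truncated"


def lint_pem(text):
    """Return one (label, finding) pair per PEM block found in text."""
    results = []
    for label, body in PEM_RE.findall(text):
        if label not in LABELS:
            results.append((label, "unexpected PEM label"))
            continue
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
        except binascii.Error:
            results.append((label, "body is not valid base64"))
            continue
        found = key_structure(der) if label.endswith("PRIVATE KEY") and "ENCRYPTED" not in label else LABELS[label]
        if found != LABELS[label]:
            found = f"label says {LABELS[label]}, body is {found}"
        results.append((label, found))
    return results
```

Run `lint_pem` on the exact text you intend to paste; a placeholder left unfilled, such as `<certificate.crt>`, is reported as invalid base64.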

Certificate statuses

in progress: The certificate is being validated (up to five minutes). If validation succeeds, the status changes to active; if it fails, the status changes to error.
error: Certificate validation ended with an error. To see the reason, hover over the status. Correct the error, remove the certificate, and add it again.
active: The certificate is active.
expired: The certificate has expired. Remove the certificate and add a new one.

Remove certificate

You cannot delete certificates that are in the process of being added.

  1. In Control Panel, go to Object Storage → SSL Certificates.
  2. On the certificate line, click .
  3. Enter the name of the certificate and click Delete.