Skip to main content
Certificates from Let's Encrypt®
Last update:

Certificates from Let's Encrypt®

If you issue a Let's Encrypt® certificate in the Secret Manager, DNS-01 validation will be performed automatically. Domain DNS records are stored in Selectel's infrastructure, so the service creates a TXT record for certificate issuance on its own. The service will track the expiration date of the certificate and automatically renew it 30 days before the expiration date. If you issue a certificate on your own, you will need to validate your domain and pass a verification process, and then renew the certificate every 60 days.

The certificate is valid only if project in which it was released.

Issue a Let's Encrypt® certificate

You can issue a Let's Encrypt® certificate that is valid:

  • only for the main domain or for the main domain and all its subdomains (Wildcard certificate);
  • for the subdomain only. The certificate will not be valid for the main domain.
carefully

After a Let's Encrypt® certificate is issued, the site, service or application will not automatically open over HTTPS — you need to download certificate and install it on your web server.

  1. Create an area for the domain in DNS hosting.

  2. Delegate the domain.

  3. In control panel go to Cloud platformThe manager of secrets.

  4. Open the tab Certificates.

  5. Click Add a certificate.

  6. Select Certificates from Let's Encrypt®.

  7. Enter the name of the certificate.

  8. Select the domain you delegated to DNS hosting in step 2.

  9. Optional: to add a subdomain to the certificate for the main domain, click Add an additional domain.

    Enter the name of the subdomain. To issue a Wildcard certificate, enter a subdomain of the form *.example.com

  10. Click Issue a certificate.

Download a Let's Encrypt® certificate

  1. In control panel go to Cloud platformThe manager of secrets.
  2. Open the tab Certificates → certificate page.
  3. In the block Certificate files Select a certificate, intermediate certificate chain, root certificate, and private key.
  4. Click Download.

View the status of your Let's Encrypt® certificate

  1. In control panel go to Cloud platformThe manager of secrets.

  2. Open the tab Certificates.

  3. Look at the status in the certificate row → column Status.

    ACTIVEThe certificate is valid and ready for use
    CREATINGCertificate issuance and secrecy preservation takes place
    RENEWINGThere are 30 days left until the certificate expiration date, automatic reissuance takes place
    INVALID

    The certificate is invalid for one reason:

    • signed incorrectly;
    • the certificate trust chain is broken (the root certificate could not be verified or the intermediate certificate has expired);
    • it is impossible to verify the certificate signature;
    • DNS-01 failed
    ERRORAn error occurred while issuing the certificate. Verify that your domain registrar has created NS records pointing to Selectel servers: a.ns.selectel.ru, b.ns.selectel.ru, c.ns.selectel.ru, d.ns.selectel.ru. If the problem persists, file a ticket