Certificates from Let's Encrypt®

Last update: September 26 2024

Certificates from Let's Encrypt®

If you issue a Let's Encrypt® certificate in the Secret Manager, DNS-01 validation will be performed automatically. Domain DNS records are stored in Selectel's infrastructure, so the service creates a TXT record for certificate issuance on its own. The service will track the expiration date of the certificate and automatically renew it 30 days before the expiration date. If you issue a certificate on your own, you will need to validate your domain and pass a verification process, and then renew the certificate every 60 days.

The certificate is valid only if project in which it was released.

Issue a Let's Encrypt® certificate⁠

You can issue a Let's Encrypt® certificate that is valid:

• only for the main domain or for the main domain and all its subdomains (Wildcard certificate);
• for the subdomain only. The certificate will not be valid for the main domain.

carefully

After a Let's Encrypt® certificate is issued, the site, service or application will not automatically open over HTTPS — you need to download certificate and install it on your web server.

For the main domain and subdomains

1. Create an area for the domain in DNS hosting.

2. Delegate the domain.

3. В control panels go to Cloud platform → The manager of secrets.

4. Open the tab Certificates.

5. Click Add a certificate.

6. Select Certificates from Let's Encrypt®.

7. Enter the name of the certificate.

8. Select the domain you delegated to DNS hosting in step 2.

9. Optional: to add a subdomain to the certificate for the main domain, click Add an additional domain.

   Enter the name of the subdomain. To issue a Wildcard certificate, enter a subdomain of the form *.example.com

10. Click Issue a certificate.

Subdomain only

1. Create an area for a subdomain in DNS hosting.
2. Delegate a subdomain.
3. В control panels go to Cloud platform → The manager of secrets.
4. Open the tab Certificates.
5. Click Add a certificate.
6. Select Certificates from Let's Encrypt®.
7. Enter the name of the certificate.
8. Select the subdomain that you delegated to DNS hosting in step 2.
9. Click Issue a certificate.

Download a Let's Encrypt® certificate⁠

1. В control panels go to Cloud platform → The manager of secrets.
2. Open the tab Certificates → certificate page.
3. In the block Certificate files Select a certificate, intermediate certificate chain, root certificate, and private key.
4. Click Download.

View the status of your Let's Encrypt® certificate⁠

1. В control panels go to Cloud platform → The manager of secrets.

2. Open the tab Certificates.

3. Look at the status in the certificate row → column Status.

   ACTIVE	The certificate is valid and ready for use
   CREATING	Certificate issuance and secrecy preservation takes place
   RENEWING	There are 30 days left until the certificate expiration date, automatic reissuance takes place
   INVALID	The certificate is invalid for one reason: signed incorrectly; the certificate trust chain is broken (the root certificate could not be verified or the intermediate certificate has expired); it is impossible to verify the certificate signature; DNS-01 failed
   ERROR	An error occurred while issuing the certificate. Verify that your domain registrar has created NS records pointing to Selectel servers: a.ns.selectel.ru, b.ns.selectel.ru, c.ns.selectel.ru, d.ns.selectel.ru. If the problem persists, file a ticket