Certificates from Let's Encrypt®
In the secret manager, you can issue a TLS certificate from Let's Encrypt® for a domain that is only migrated to legacy DNS hosting version. For domains added to a new version of DNS hosting (actual), you cannot issue a certificate.
If you issue a Let's Encrypt® certificate in the secret manager, DNS-01 validation will occur automatically. Domain DNS records are stored in Selectel's infrastructure, so the service itself creates a TXT record for certificate issuance. The service will track the certificate's expiration date and automatically renew it 30 days before it expires. If you issue a certificate on your own, you must validate your domain and pass a verification process and then renew your certificate every 60 days.
The certificate is only valid in the cloud platform project in which it was issued.
Once a Let's Encrypt® certificate is issued, the site, service or application will not automatically open over HTTPS — you must download the certificate and install it on your web server.
Issue a Let's Encrypt® certificate
You can add any of its subdomains to a Let's Encrypt® certificate for the main domain or issue a Wildcard certificate that will be valid for all subdomains at once.
You can issue a certificate that is valid only for the subdomain and not valid for the main one.
- Для основного домена и поддоменов
- Только для поддомена
-
If you want to issue a certificate for the main domain and its subdomains or just the main domain, in control panel add the domain to DNS hosting (legacy).
-
Delegate the domain, for this purpose, specify Selectel NS-servers:
ns1.selectel.ru
,ns2.selectel.ru
,ns3.selectel.ru
,ns4.selectel.ru
in the domain NS-records of your domain registrar. -
In Control Panel, go to Cloud Platform → Secrets Manager.
-
Open the Certificates tab.
-
Click Add Certificate.
-
Select Certificates from Let's Encrypt®.
-
Enter the name of the certificate.
-
Select the domain you delegated to DNS hosting in step 1.
-
Optional: To add a subdomain to the certificate for the primary domain, click Add Additional Domain.
Enter the name of the subdomain. To issue a Wildcard certificate, enter a subdomain of the form
*.<example.com>
-
Click Release Certificate.
-
Download certificate and install it on your web server side.
- If you only want to issue a certificate for a subdomain, but not issue one for the main one, in control panel add the subdomain to DNS hosting (legacy).
- Delegate the domain, for this purpose, specify Selectel NS-servers:
ns1.selectel.ru
,ns2.selectel.ru
,ns3.selectel.ru
,ns4.selectel.ru
in the domain NS-records of your domain registrar. - In Control Panel, go to Cloud Platform → Secrets Manager.
- Open the Certificates tab.
- Click Add Certificate.
- Select Certificates from Let's Encrypt®.
- Enter the name of the certificate.
- Select the subdomain that you delegated to DNS hosting in step 1.
- Click Release Certificate.
- Download certificate and install it on your web server side.
Download Let's Encrypt® certificate
- In Control Panel, go to Cloud Platform → Secrets Manager.
- Open the Certificates tab → certificate page.
- In the Certificate Files block, select the certificate, intermediate certificate chain, root certificate, and private key.
- Click Download.
- Install the certificate on your web server.
View the status of your Let's Encrypt® certificate
-
In Control Panel, go to Cloud Platform → Secrets Manager.
-
Open the Certificates tab.
-
Look at the status in the certificate row → Status column.