Skip to main content
Certificates from Let's Encrypt®
Last update:

Certificates from Let's Encrypt®

For your information

In the secret manager, you can issue a TLS certificate from Let's Encrypt® for a domain that is only migrated to legacy DNS hosting version. For domains added to a new version of DNS hosting (actual), you cannot issue a certificate.

If you issue a Let's Encrypt® certificate in the secret manager, DNS-01 validation will occur automatically. Domain DNS records are stored in Selectel's infrastructure, so the service itself creates a TXT record for certificate issuance. The service will track the certificate's expiration date and automatically renew it 30 days before it expires. If you issue a certificate on your own, you must validate your domain and pass a verification process and then renew your certificate every 60 days.

The certificate is only valid in the cloud platform project in which it was issued.


Once a Let's Encrypt® certificate is issued, the site, service or application will not automatically open over HTTPS — you must download the certificate and install it on your web server.

Issue a Let's Encrypt® certificate

You can add any of its subdomains to a Let's Encrypt® certificate for the main domain or issue a Wildcard certificate that will be valid for all subdomains at once.

You can issue a certificate that is valid only for the subdomain and not valid for the main one.

  1. If you want to issue a certificate for the main domain and its subdomains or just the main domain, in control panel add the domain to DNS hosting (legacy).

  2. Delegate the domain, for this purpose, specify Selectel NS-servers:,,, in the domain NS-records of your domain registrar.

  3. In Control Panel, go to Cloud PlatformSecrets Manager.

  4. Open the Certificates tab.

  5. Click Add Certificate.

  6. Select Certificates from Let's Encrypt®.

  7. Enter the name of the certificate.

  8. Select the domain you delegated to DNS hosting in step 1.

  9. Optional: To add a subdomain to the certificate for the primary domain, click Add Additional Domain.

    Enter the name of the subdomain. To issue a Wildcard certificate, enter a subdomain of the form *.<>

  10. Click Release Certificate.

  11. Download certificate and install it on your web server side.

Download Let's Encrypt® certificate

  1. In Control Panel, go to Cloud PlatformSecrets Manager.
  2. Open the Certificates tab → certificate page.
  3. In the Certificate Files block, select the certificate, intermediate certificate chain, root certificate, and private key.
  4. Click Download.
  5. Install the certificate on your web server.

View the status of your Let's Encrypt® certificate

  1. In Control Panel, go to Cloud PlatformSecrets Manager.

  2. Open the Certificates tab.

  3. Look at the status in the certificate row → Status column.

    ACTIVEThe certificate is valid and ready for use
    CREATINGCertificate is being issued and secrets are being stored
    RENEWING30 days left until the certificate expiration date, automatic reissuance takes place.

    Certificate is invalid for one of the following reasons:

    • signed incorrectly;
    • the certificate trust chain is broken (the root certificate could not be verified or the intermediate certificate has expired);
    • it is impossible to verify the certificate signature;
    • DNS-01 validation failed
    ERRORAn error occurred while issuing the certificate. Check that your registrar has the following NS records:,,, If the problem persists, create a ticket