SSL certificates of the load balancer

Add multiple SSL certificates for the balancer

  1. Upload SSL certificates to the secrets manager. Certificates with an empty CN (Common Name) field are not supported in load balancers.

  2. Open the OpenStack CLI.

  3. Add the certificates: create a new listener for the load balancer or update an existing one:

    openstack loadbalancer listener create \
    -v --protocol-port 443 \
    --protocol TERMINATED_HTTPS \
    --name <listener_name> \
    --default-tls-container=<certificate_uuid_1> \
    --sni-container-refs <certificate_uuid_1> <certificate_uuid_2> -- <loadbalancer>

    Specify:

    • <listener_name> — the listener's name;
    • <certificate_uuid_1>, <certificate_uuid_2> — certificate IDs. To find them in the control panel, go to Cloud Platform → Secrets Manager → Certificates tab and select Copy UUID from the certificate's menu;
    • <loadbalancer> — the balancer ID or name; you can view it with openstack loadbalancer list.
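
Because certificates with an empty CN are not supported in load balancers, it helps to check each PEM file before uploading it to the secrets manager. The script below is an added example, not the provider's own tooling; it assumes the openssl CLI is installed, and the function names and the 14-day expiry margin are illustrative choices.

```shell
#!/bin/sh
# Added example (not provider code): check a PEM certificate before uploading
# it for use on a TERMINATED_HTTPS listener.

# Print the subject Common Name; prints nothing when the subject has no CN.
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt multiline 2>/dev/null |
        sed -n 's/^ *commonName *= *//p' | head -n 1
}

# check_lb_cert FILE [MIN_DAYS]   (MIN_DAYS defaults to 14, an assumed margin)
# Returns 0 = usable, 1 = not a readable PEM certificate,
#         2 = empty CN (unsupported on the balancer), 3 = expires within MIN_DAYS.
check_lb_cert() {
    file=$1
    min_days=${2:-14}
    if ! openssl x509 -in "$file" -noout >/dev/null 2>&1; then
        echo "FAIL $file: not a readable PEM certificate" >&2
        return 1
    fi
    cn=$(cert_cn "$file")
    if [ -z "$cn" ]; then
        echo "FAIL $file: empty CN, not supported in load balancers" >&2
        return 2
    fi
    if ! openssl x509 -in "$file" -noout \
            -checkend $((min_days * 86400)) >/dev/null 2>&1; then
        echo "FAIL $file: CN=$cn expires within $min_days days" >&2
        return 3
    fi
    echo "OK $file: CN=$cn"
}

# Constructed sample input: a self-signed certificate with the given subject
# and lifetime, written to OUT (throwaway key in OUT.key, for testing only).
make_sample_cert() {   # make_sample_cert OUT SUBJECT DAYS
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1.key" \
        -out "$1" -subj "$2" -days "$3" >/dev/null 2>&1
}
```

Run check_lb_cert on every file you plan to reference in --default-tls-container or --sni-container-refs, and upload only those that return 0.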

Replace SSL Certificate

If an SSL (TLS) certificate attached to a load balancer rule with the HTTPS protocol expires, you can replace it with another certificate that has a new expiration date.

Caution

We do not recommend updating the certificate through the secrets manager. If you do, an emergency switchover of the balancer's amphora will be required, which is performed through technical support.

  1. In Control Panel, go to Cloud Platform → Balancers.
  2. Open the balancer card → SSL Certificate tab.
  3. Click Replace Certificate.
  4. Select a new certificate. Certificates with an empty CN (Common Name) field are not supported in load balancers.
  5. Click Replace Certificate.