Manage TLS (SSL) certificates for a CDN resource
TLS(SSL)-certificate is a unique digital signature of a website. The certificate is required for a secure connection between the client and the server (HTTPS protocol) when transmitting confidential information and conducting financial transactions.
Selectel uses Let's Encrypt® certificates and personal certificates.
Comparison of types of certificates
Let's Encrypt® Certificate
A CDN resource can only have one valid Let's Encrypt® certificate
The Let's Encrypt® certificate for default domains works immediately after the resource is created. For personal domains, you need to issue Let's Encrypt certificate manually.
Let's Encrypt® certificate cannot be deleted, only replaced with a personal certificate.
The certificate does not need to be manually renewed - it is automatically reissued 30 days prior to expiration.
For more information about Let's Encrypt® certificate limits, see Rate Limits of Let's Encrypt® documentation.
Issue a Let's Encrypt® certificate
-
Make sure to create a resource and add a personalized domain.
-
In the Control Panel, on the top menu, click Products and select CDN.
-
Go to Certificates for CDN resources.
-
In the menu of the section, click Release SSL Certificate.
-
Select the CDN resource for which you want to issue a certificate.
-
Click Release.
-
Go to the CDN Resources section.
-
Open the CDN resource page → Certificates tab.
-
Select the Distribute over HTTPS via CNAME checkbox.
-
In the Certificate field, select the certificate that you issued in step 6.
-
Click Apply. The resource will be in
PROCESSINGstatus while the settings are being applied . You cannot apply any other settings at this time. The settings will be applied when the share changes toACTIVEstatus.
Personalized certificate
If you have your own TLS(SSL)-certificate, you can upload it as a personal certificate.
The certificate must specify the personal domains of the resource through which you want to distribute content over HTTPS.
Only one TLS(SSL) certificate can be active for a resource. Content will be distributed via domains that are not specified in the personal certificate only via HTTP.
If you remove the personal certificate, you will need to issue a Let's Encrypt® certificate for the share.
Download a personalized certificate
-
Make sure to create a resource and add a personalized domain to the resource.
-
In the Control Panel, on the top menu, click Products and select CDN.
-
Go to Certificates for CDN resources.
-
From the section menu, click Upload your own certificate.
-
Specify a name for the certificate. It will be used only in the control panel.
-
Add a certificate for the domain. It must start with
-----BEGIN CERTIFICATE-----and end with-----END CERTIFICATE-----.If you want to add multiple certificates, make sure that all certificates (the primary certificate for the domain, the intermediate certificates, and the root certificate) create a complete chain. The
Issuervalue of the primary certificate must match theSubjectvalue of the first intermediate certificate, theIssuervalue of the first intermediate certificate must match theSubject ofthe second intermediate certificate, and so on. -
Add a private key. It should start with
-----BEGIN PRIVATE KEY-----and end with-----END PRIVATE KEY-----. -
Click Download.
-
Go to the CDN Resources section.
-
Open the CDN resource page → Certificates tab.
-
Select the Distribute over HTTPS via CNAME checkbox.
-
In the Certificate field, select the certificate that you downloaded in step 8.
-
Click Apply. The resource will be in
PROCESSINGstatus while the settings are being applied . You cannot apply any other settings at this time. The settings will be applied when the share changes toACTIVEstatus.You can view certificate information in the control panel: in the top menu, click Products and select CDN → CDN resources → resource page → Certificates tab.