SSL Certificate is a unique digital signature of your website that provides a secure connection between a client and a server. It is important when you transfer sensitive information and carry out financial transactions.
Use these links for faster search:
- How to add a personal SSL certificate when creating a resource
- How to add a personal SSL certificate in the SSL certificates section
- How to delete a personal SSL certificate
- How to attach a personal certificate to a resource
- Personal certificate renewal
- How to insert a certificate correctly
- SSL certificates expiration notifications
Personal SSL certificate
Use a personal SSL certificate if you set a custom value as the Personal domain for creating a CNAME record.
There are two ways to add a personal certificate: when creating a resource and in the SSL certificates section of a personal account.
How to add a personal SSL certificate when creating a resource
To add and bind a personal certificate when creating a resource, enter a custom value for a Personal domain, activate the Enable HTTPS option, and click Add SSL certificate.
Select Add your own certificate in the pop-up window. Specify the certificate name, PEM format certificate, and the private key. Click Add SSL certificate.
Read here how to insert a certificate correctly.
The certificate will be bound to the resource and added to the list of personal certificates in the SSL certificates section of a personal account.
How to add a personal SSL certificate in the SSL certificates section
To add a certificate in your personal account without binding to a resource, go to the SSL certificates section of the CDN service. Click Add SSL certificate.
Insert an SSL certificate in PEM format, a private key, and specify a certificate name. Click Create SSL certificate.
Read here how to insert a certificate correctly.
After saving the settings, the certificate will be displayed in the list of SSL certificates.
This section contains information about certificates: id, name, and expiration date.
How to delete a personal SSL certificate
To delete a certificate, click the arrow sign next to the Settings button. Select Remove.
How to attach a personal certificate to a resource
A certificate added in the SSL certificates section can be attached to a resource in the resource settings while creating or editing it.
- Go to the resource settings.
- Find the Enable HTTPS option.
- Select the required certificate in the certificate selector.
- Save changes.
Personal certificate renewal
There is no way to change the data of an added certificate, so when the resource certificate is near to expiry, follow these steps:
- Add a new certificate in the SSL certificates section.
- Go to the settings of the required resource.
- Find the section Enable HTTPS.
- Now the certificate selector displays the name of your current certificate.
- Click on the selector filed and choose a new certificate.
- Save the changes.
- The settings will be applied within 10-15 minutes.
- Check which certificate is bound with the resource now. To do this, open CNAME in the browser (for example, https://example.ru.) Click on the lock icon next to https, then go to Certificate.
- Compare displayed certificate data with the certificate data you have just installed. If settings are applied, you can delete the old certificate from the SSL certificates section in the personal account.
Important! Do not delete the old certificate from the SSL certificates section until the content is delivered using the new certificate. Follow the steps described above, otherwise, content delivery will be interrupted.
How to insert a certificate correctly
- Open a certificate file in PEM format in the Notepad app. Certificates of such format usually have .pem, .crt, or .cer extensions.
- Copy and paste the certificate chain in the following order: Personal certificate → Intermediate CA → Root CA.
- Data in the Certificate field should be inserted, including the tags - - - - - BEGIN CERTIFICATE - - - - and - - - - - END CERTIFICATE - - - -.
- Certificate chains must be inserted together.
- There should be an empty string at the end of the certificate chain.
- Open a file with the private key (.key) in the Notepad app.
- Copy and paste the key, including the tags - - - - - BEGIN PRIVATE KEY - - - - and - - - - - END PRIVATE KEY - - - - -.
- Click Create SSL certificate.
- The certificate will appear in the SSL certificates section. If this certificate is added at the moment of resource creation, the certificate will also be bound to the resource.
SSL certificates expiration notifications
The notifications of the expiration of SSL certificates added to the SSL certificates section are displayed in the personal account and sent to the email address of Administrator and Engineer emails.
Please, note! Let's Encrypt certificates issued in the CDN resource settings are automatically renewed, there are no notifications of the expiration for such certificates.
Users are notified by email:
- 14 days before the certificate expires
- 7 days before the certificate expires
- The certificate expiration day
When you log in to your personal account, you will see a reminder:
The SSL certificates section will be marked with a special sign if there are already expired certificates or those that will expire in the next 14 days:
In the SSL certificates section, special signs will appear next to certificates that need attention:
- if the certificate has already expired.
- if the certificate expires in 14 days or less
Let's Encrypt Certificate
If you don't have your own SSL certificate, you can activate the free Let's Encrypt certificate in your personal account.
Let's Encrypt activation
1. Create a CDN resource with a custom value for a personal domain.
2. Add a CNAME record to the domain's DNS settings.
3. Activate the Enable HTTPS button in the resource settings, and click Add SSL certificate.
3. Select Get free Let's Encrypt certificate and click Get SSL certificate.
A certificate issuing may take up to 30 minutes. During this time, please, do not:
- disable the HTTPS option
- select another certificate
- interrupt the issuing of the current certificate.
Important! The certificate issuing time depends on the resource creation time. If you want to issue it for the resource you just created, because the configuration has not yet been applied on all CDN servers, certificate issuing takes up to 30 minutes. If the resource configuration is already applied on all CDN servers, the Let's Encrypt certificate issuing takes less than a couple of minutes.
If an error occurs during certificate issuance, the Enable HTTPS option will be disabled and a notification will be sent to your email.
Attention! You can issue a Let's Encrypt certificate only for an existing resource. If the resource's CNAME in the DNS settings is not pointing to the value specified on the Setup Instructions tab in the CDN Resource settings, or the source is not available, the certificate will not be issued.
Only one Let's Encrypt certificate can be issued per resource.
In case if you want to add or delete an additional personal domain for a resource, we will reissue the certificate after saving the changes. You will see a warning that the current certificate will be valid for 30 minutes and will be automatically changed.
While the resource is active, the certificate is renewed automatically.
An attempt to reissue the certificate occurs 30 days before the expiration of the current certificate. There is only one attempt to reissue the certificate. If the certificate is not reissued, a notification will be sent to your mail.
Important! In case of an unsuccessful attempt to reissue a certificate, the current certificate will be active for another 30 days. After the end date of the certificate, the content will become unavailable via HTTPS.
How to revoke Let's Encrypt?
To revoke a certificate, go to the resource settings and click Revoke certificate in the Enable HTTPS section.
! Using the API request you can replace the Let's Encrypt with your own certificate without Let's Encrypt revoking.
Restrictions and features of the option
- The certificate cannot be issued for a wildcard domain.
- If a Let's Encrypt certificate is issued, the selector of certificates is not displayed in the resource settings. Personal certificates will become available for selecting after Let's Encrypt revoking.
- A Let's Encrypt certificate is not displayed on the SSL certificates tab.
- A certificate is visible only in settings of the resource for which it is issued.
- To issue and revoke a Let's Encrypt certificate there is no need to save the resource settings.
- If you use DNS Cloudflare, do not set Flatten all CNAMEs in CNAME Flattering option. Cloudflare will return not a CNAME, but A-record and Let's Encrypt certificate won't be issued. In order to Let's Encrypt certificate will be issued in this option should be set Flatten CNAME at root.
Shared SSL certificate
After creating the resource's CNAME in gcdn.co zone, a free SSL certificate will be applied to it. All content would be available through the HTTPS.