If you do not have your own SSL certificate, you can activate the free Let's Encrypt certificate in your account. Let's Encrypt certificates can only be issued for resources with a custom domain name.
On the Set up initial configuration step, navigate to the SSL section, and turn on the toggle for Enable HTTPS. Then, select Get free Let's Encrypt certificate.
The certificate issuance may take up to 30 minutes after the resource is created. During this time, please do not:
1. Go to CDN and select the CDN resource you want to configure.
2. In the navigation panel, under the General section, click SSL.
3. In the SSL section, turn on the toggle for Enable HTTPS, select Get free Let's Encrypt certificate, and click on Save changes.
We use the HTTP-01 challenge by default to validate your ownership of the domain for which you want to issue the Let’s Encrypt certificate. But sometimes, this challenge type isn’t suitable. For example, if you use multiple CDNs with a balancer, the CNAME may answer with a non-Gcore value, and the Let’s Encrypt certificate issuance can fail.
To avoid this problem and make the process more flexible, we have added support for the DNS-01 challenge. You can read more about the principles of its operation in the official documentation.
To use the DNS-01 challenge, you need to:
1. Activate Gcore Managed DNS in your personal account.
2. Delegate your custom domain name to Gcore's name servers (ns1.gcorelabs.net and ns2.gcdn.services).
3. Enable the use_dns01_le_challenge option. Check our API documentation for help with this.
http://<CNAME>/.well-known/acme-challenge/<TOKEN>
and making HTTP requests to this file. Before adding a Let's Encrypt certificate, make sure that your CDN resource does not have any rules that block these requests. Examples of such rules include:
You can check your resource rules using the service regex. If you find a rule that blocks Let's Encrypt certificate issuance, delete the rule or change its pattern. The next time Let's Encrypt sends a request, the certificate issuance should be successful.
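The rule check described above can be scripted before you request the certificate. The following is an added example, not Gcore's code: the rule layout (name, pattern, blocks), the sample rules and the sample token are constructed, and patterns are assumed to follow Python `re` search semantics, which may differ from the regex engine your CDN rules use.

```python
import re

# HTTP-01 validation path from the page; the token is a constructed sample.
CHALLENGE_PREFIX = "/.well-known/acme-challenge/"
SAMPLE_PATH = CHALLENGE_PREFIX + "SAMPLE_TOKEN_abc123-_XYZ"

# Constructed rules. The name/pattern/blocks layout is hypothetical and is
# not the CDN API's schema; patterns use Python `re` search semantics.
SAMPLE_RULES = [
    {"name": "deny-dotfiles", "pattern": r"^/\..*", "blocks": True},
    {"name": "allow-only-assets", "pattern": r"^/(?!static/|img/).*", "blocks": True},
    {"name": "deny-php", "pattern": r".*\.php$", "blocks": True},
    {"name": "cache-everything", "pattern": r"^/.*", "blocks": False},
    {"name": "broken", "pattern": r"^/(unclosed", "blocks": True},
]


def find_blocking_rules(rules, path=SAMPLE_PATH):
    """Return (blocking, invalid) rule names for the given request path."""
    blocking, invalid = [], []
    for rule in rules:
        try:
            compiled = re.compile(rule["pattern"])
        except re.error:
            invalid.append(rule["name"])  # cannot be evaluated; review by hand
            continue
        if rule["blocks"] and compiled.search(path):
            blocking.append(rule["name"])
    return blocking, invalid


def exclude_challenge(pattern):
    """Rewrite a pattern so it never matches paths under the challenge prefix.

    The leading negative lookahead rejects challenge paths; every other path
    matches exactly when the original pattern matched somewhere in it.
    """
    return "^(?!" + re.escape(CHALLENGE_PREFIX) + ").*?(?:" + pattern + ")"


def fix_rules(rules):
    """Return a copy of rules with each blocking pattern rewritten."""
    blocking, _ = find_blocking_rules(rules)
    return [
        dict(r, pattern=exclude_challenge(r["pattern"])) if r["name"] in blocking else r
        for r in rules
    ]


if __name__ == "__main__":
    print(find_blocking_rules(SAMPLE_RULES))
    print(find_blocking_rules(fix_rules(SAMPLE_RULES)))
```

Rules that fail to compile are reported separately because they cannot be evaluated automatically and need a manual check.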
If an error occurs during certificate issuance, the Enable HTTPS toggle will be disabled and a notification will be sent to your email.
While the resource is active, the certificate is renewed automatically. An attempt to reissue the certificate will be made 30 days before the expiration of the current certificate. There is only one attempt to reissue the certificate. If the certificate is not reissued, a notification will be sent to your email.
In the event of an unsuccessful attempt to reissue a certificate, the current certificate will remain active for another 30 days. After the certificate's end date, the content will become unavailable via HTTPS.
To avoid interruption of content delivery, please reissue the certificate yourself. To do this, revoke the Let's Encrypt certificate in your account and then .
To revoke a certificate, go to the Resource Settings and click Revoke Let's Encrypt certificate in the SSL section.
Note: You can also use an API request to replace the Let's Encrypt certificate with your own certificate without having to revoke it.
If your CDN resource domain cannot be ACME challenged, you will see a message informing you of the issue and the release button will be inactive. To avoid this problem, follow our dedicated guide.
After selecting the “Get free Let’s Encrypt certificate” option, if your CDN resource configurations are correct, the “Processing” status will be displayed in your customer portal while the certificate is being issued.
However, if some issues get in the way of the ACME challenge, you will see the following description of the issuance error. Such an error can occur if a CDN resource is still in the process of creation, for example. The next attempt will occur in fifteen minutes. If you want to accelerate the reattempt, click force retry.
If the challenge verification is successful, the certificate will be issued, and you will see the status “Success.” The certificate will also be renewed automatically after three months.
After five unsuccessful attempts, the certificate status will be “Failed.” You can fix the error(s) causing failure using our dedicated guide. Click Retry issue to attempt issuance again.
The “Failed” status can also occur when the Let's Encrypt certificate isn't renewed automatically. Correct the error (for example, change the domain’s DNS records) and click Renew certificate to issue a new certificate and attach it to your CDN resource.