API
CDN
CDN
For static filesFor the entire site
AWS S3B2evolutionClouldFlareConcrete5CraftCs-cartDjango CMSDrupalGoogle Cloud StorageIPBIPSJoomlaKirbyMagentoPerchPrestaShopPyroCMSSocialEngineTypo3vBulletinWebasyst
Gcore pluginRocket pluginW3 Total Cache pluginWP SuperCache plugin
X-CartXenForo
Add CDN servers to ACLHTTP/2
BillingCDN resources overview
Specify an originPrivate originEnable SSL ValidationCreate a custom domain (CNAME)SSL certificatesEnable shielding (paid)Suspend a CDN resource
Configure CDN cachingSet a redirect from an originConfigure browser cachingIgnore Set Cookie or Query stringUse stale cache if origin is unavailableCache Sharding
Manage access policiesRedirect from HTTP to HTTPS
OverviewConfigure and use
Specify HTTP methodsSet SNI hostname
GZip, BrotliFetch
Custom HTTP status codeLarge files deliveryRewriteWebSockets
Add request headersActivate CORSConfigure response headersManage the Host headerIdentify a user's request protocol
Network limits
Image stack overviewEnable Image stack
Convert to WebP or AVIFChange qualityCropResize
Troubleshooting
Streaming via CDN (for paid tariffs)Geobalancer (for paid tariffs)
Create a ruleCreate a template for rulesAvoid indexing
Origin group
SSL overviewOwn SSL certificateLet's Encrypt certificate
PurgePrefetch
Raw Logs (paid)Log Viewer (free)
Reports
Grafana reportsTerraform
Error status codesContent unavailabilityLow cache hit ratioLow content delivery speedAttaching or issuing an SSL certificate3xx codes4xx codes5xx codes
Support API
Chosen image
Home/CDN/SSL certificates/

Configure Let's Encrypt certificate

If you do not have your own SSL certificate, you can activate the free Let's Encrypt certificate in your account. Let's Encrypt certificates can only be issued for resources with a custom domain name.

Attach a Let's Encrypt certificate

During resource creation

On the Set up initial configuration step, navigate to the SSL section, and turn on the toggle for Enable HTTPS. Then, select Get free Let's Encrypt certificate.

During resource creation

The certificate issuance may take up to 30 minutes after the resource is created. During this time, please do not:

  • disable the HTTPS option,
  • select another certificate,
  • interrupt the issuance of the current certificate.

For created resource

1. Go to CDN and select the CDN resource you want to configure.

CDN resource

2. In the navigation panel, under the General section, click SSL.

General section

3. In the SSL section, turn on the toggle for Enable HTTPS, select Get free Let's Encrypt certificate, and click on Save changes.

SSL section

Notes regarding issuing

  • The time it takes to issue a certificate varies depending on when the CDN resource was created. If you are requesting a certificate for a recently created resource, it may take up to 30 minutes as the configuration has not yet been fully propagated to all CDN servers. However, if the resource's configuration has already been fully propagated, issuing a Let's Encrypt certificate will only take a few minutes.
  • Let's Encrypt requires placing a temporary file at the URL http://<CNAME>/.well-known/acme-challenge/<TOKEN> and making HTTP requests to this file. Before adding a Let's Encrypt certificate, make sure that your CDN resource does not have any rules that block these requests. Examples of such rules include:
    • A rule with /*. This rule will catch any strings and override the hidden rule that is necessary to obtain a certificate.
    • A rule with ((?!(jpeg|gif|png|pdf|jpg|css|js|woff|woff2|ttf)).)*$. This rule will catch all non-static files.

You can check your resource rules using the service regex. If you find a rule that blocks Let's Encrypt certificate issuance, delete the rule or change its pattern. The next time Let's Encrypt sends a request, the certificate issuance should be successful.

If an error occurs during certificate issuance, the Enable HTTPS toggle will be disabled and a notification will be sent to your email.

  • You can only issue a Let's Encrypt certificate for an existing resource. If the CNAME of the resource in the DNS settings is not pointing to the value specified in the setup guide, or the source is not available, the certificate will not be issued.
  • Only one Let's Encrypt certificate can be issued per resource. If you need to add or remove an additional personal domain for a resource, we will reissue the certificate after making the changes. You will receive a warning that the current certificate will only be valid for 30 minutes and will be automatically replaced.
Warning

While the resource is active, the certificate is renewed automatically. An attempt to reissue the certificate will be made 30 days before the expiration of the current certificate. There is only one attempt to reissue the certificate. If the certificate is not reissued, a notification will be sent to your email.

In the event of an unsuccessful attempt to reissue a certificate, the current certificate will remain active for another 30 days. After the certificate's end date, the content will become unavailable via HTTPS.

To avoid interruption of content delivery, please reissue the certificate yourself. To do this, revoke the Let's Encrypt certificate in your account and then .

Revoke a Let's Encrypt certificate

To revoke a certificate, go to the Resource Settings and click Revoke Let's Encrypt certificate in the SSL section.

Revoke a Let's Encrypt certificate

Note: You can also use an API request to replace the Let's Encrypt certificate with your own certificate without having to revoke it.

Restrictions and features of the option

  • A wildcard domain cannot be issued a certificate
  • If a Let's Encrypt certificate is issued, the certificate selector will not be displayed in the resource settings. Personal certificates will become available for selection after revoking Let's Encrypt
  • A Let's Encrypt certificate will not be displayed on the SSL Certificates page
Restrictions and features of the option
  • A certificate is only visible in the settings of the resource for which it is issued.
  • Issuing and revoking a Let's Encrypt certificate does not require saving the Resource Settings.
  • If you are using DNS Cloudflare, be sure not to set the CNAME Flattering option to Flatten all CNAMEs. This will cause Cloudflare to return an A-record instead of a CNAME, which will prevent the issuance of a Let's Encrypt certificate. To successfully issue a Let's Encrypt certificate, set the CNAME Flattering option to Flatten CNAME at root.
Status

Was this article helpful?

Not a Gcore user yet?

Learn more about our next-gen CDN

Go to the product page
Edit on GitHub