SSL/TLS encryption is today indispensable, and for years, Let’s Encrypt has been the go-to Certificate Authority. Our longstanding collaboration with Let’s Encrypt allows us to offer affordable certificates to our entire range of customers, from individual website owners to large-scale corporate platforms. We are excited to present two significant updates to this service, which are offered via Gcore CDN: enhanced validation via the DNS-01 challenge, and an improved user interface for a superior user experience.
While issuing a Let’s Encrypt certificate, domain ownership must be verified. To do this, the HTTP-01 challenge is usually the method of choice. However, this challenge may not be the best fit in certain situations, such as when using multi-CDNs with a load balancer, when issues can crop up if a CNAME responds with a value not associated with Gcore.
We recently upgraded the process of certificate validation from Let’s Encrypt, introducing the highly anticipated DNS-01 challenge option. This significant development caters in particular to multi-CDN installations, wildcard certificates, and multiple origins, but provides enhanced flexibility for all users. Here’s how the DNS-01 challenge provides a better solution to the HTTP-01 challenge, especially in multi-CDN and multi-server environments:
|Feature||HTTP-01 Challenge||DNS-01 Challenge|
|Port operation||Operates only on port 80||Not restricted to a specific port|
|Suitability||Limited in multi-CDN and complex server setups||Highly suitable for multi-CDN and complex environments|
|Network configuration||Works with standard web server configurations only||Adaptable to various network and server configurations|
|Security||Basic validation mechanism||Requires careful DNS API credential management|
|Automation||Limited due to port and network constraints||Allows for automation through DNS provider APIs|
|Scalability||May face challenges in scaling for complex setups||Scalable and efficient for diverse web infrastructures|
We’ve implemented several updates to our CDN user interface to offer a more intuitive user experience. Let’s run through five key changes.
- Pre-validation website checks. We now verify website ownership internally before forwarding the request to Let’s Encrypt. If any issues or errors are detected, you’ll be promptly notified, saving time in the issuance process by removing potential back and forth with Let’s Encrypt.
- Real-time status indication. Live status updates are provided when a request is sent to Let’s Encrypt, keeping you informed throughout the process.
- Detailed error descriptions. We have added more comprehensive and helpful error descriptions to help you understand and address any issues that arise during the request process. Here’s an example:
- Automatic retry mechanism. Each request now undergoes several automatic retries before being marked as “failed,” increasing the chances of successful validation.
- Force retry option. During the ACME challenge, an error may occur if a CDN resource is still being created. The system will retry after fifteen minutes, or users can use the “force retry” option to attempt again immediately.
To learn more about Let’s Encrypt issuing statuses, check out our dedicated guide.
Thanks to these new updates, Gcore customers now enjoy an intuitive certificate validation experience with increased flexibility. If you want to experience these improvements for yourself, check out our CDN service or connect with our experts today for personalized website protection solutions.