Gcore CDN Offers Enhanced UX and Improved Validation for Let’s Encrypt Certificates

SSL/TLS encryption is indispensable today, and for years Let’s Encrypt has been the go-to Certificate Authority. Our longstanding collaboration with Let’s Encrypt allows us to offer affordable certificates to our entire range of customers, from individual website owners to large-scale corporate platforms. We are excited to present two significant updates to this service, which is offered via Gcore CDN: enhanced validation via the DNS-01 challenge, and an improved user interface for a superior user experience.

#1 DNS-01 Challenge

When a Let’s Encrypt certificate is issued, domain ownership must be verified. The HTTP-01 challenge is usually the method of choice for this. However, it may not be the best fit in certain situations, such as multi-CDN setups with a load balancer, where issues can crop up if a CNAME responds with a value not associated with Gcore.

We recently upgraded our Let’s Encrypt certificate validation process, introducing the highly anticipated DNS-01 challenge option. This significant development caters in particular to multi-CDN installations, wildcard certificates, and multiple origins, but provides enhanced flexibility for all users. Here’s how the DNS-01 challenge provides a better solution than the HTTP-01 challenge, especially in multi-CDN and multi-server environments:

| Feature | HTTP-01 Challenge | DNS-01 Challenge |
|---|---|---|
| Port operation | Operates only on port 80 | Not restricted to a specific port |
| Suitability | Limited in multi-CDN and complex server setups | Highly suitable for multi-CDN and complex environments |
| Network configuration | Works with standard web server configurations only | Adaptable to various network and server configurations |
| Security | Basic validation mechanism | Requires careful DNS API credential management |
| Automation | Limited due to port and network constraints | Allows for automation through DNS provider APIs |
| Scalability | May face challenges in scaling for complex setups | Scalable and efficient for diverse web infrastructures |

For more details on the differences, check out Let’s Encrypt’s official documentation. We provide detailed setup instructions for using DNS-01 with Gcore.

#2 User Experience (UX) Improvements

We’ve implemented several updates to our CDN user interface to offer a more intuitive user experience. Let’s run through five key changes.

  1. Pre-validation website checks. We now verify website ownership internally before forwarding the request to Let’s Encrypt. If any issues or errors are detected, you’ll be promptly notified, saving time in the issuance process by removing potential back and forth with Let’s Encrypt.
  2. Real-time status indication. Live status updates are provided when a request is sent to Let’s Encrypt, keeping you informed throughout the process.
  3. Detailed error descriptions. We have added more comprehensive and helpful error descriptions to help you understand and address any issues that arise during the request process. Here’s an example:
     [Image: Pre-validation failed status snapshot in Gcore SSL page]
  4. Automatic retry mechanism. Each request now undergoes several automatic retries before being marked as “failed,” increasing the chances of successful validation.
  5. Force retry option. During the ACME challenge, an error may occur if a CDN resource is still being created. The system will retry after fifteen minutes, or users can use the “force retry” option to attempt again immediately.

To learn more about Let’s Encrypt issuing statuses, check out our dedicated guide.

Conclusion

Thanks to these new updates, Gcore customers now enjoy an intuitive certificate validation experience with increased flexibility. If you want to experience these improvements for yourself, check out our CDN service or connect with our experts today for personalized website protection solutions.
