Certificates from Let's Encrypt®

Certificates from Let's Encrypt®

If you issue a Let's Encrypt® certificate in the Secret Manager, DNS-01 validation will be performed automatically. Domain DNS records are stored in Servercore's infrastructure, so the service creates a TXT record for certificate issuance on its own. The service will track the expiration date of the certificate and automatically renew it 30 days before the expiration date. If you issue a certificate on your own, you will need to validate the domain and pass a verification process, and then renew the certificate every 60 days.

The certificate is only valid in the project in which it was issued.

To issue a certificate, the domain must have an IP address in the A-record.

Issue a Let's Encrypt® certificate⁠

You can issue a Let's Encrypt® certificate that is valid:

• only for the main domain or for the main domain and all its subdomains (Wildcard certificate);
• for the subdomain only. The certificate will not be valid for the main domain.

carefully

Once a Let's Encrypt® certificate is issued, the site, service, or application will not automatically open over HTTPS — you must download the certificate and install it on your web server.

For the main domain and subdomains

1. Create a zone for the domain in DNS hosting.

2. Delegate the domain.

3. In the Control Panel, on the top menu, click Products and select Secrets Manager.

4. In the Secrets Manager section, open the Certificates tab.

5. Click Add Certificate.

6. Select Certificates from Let's Encrypt®.

7. Enter the name of the certificate.

8. Select the domain you delegated to DNS hosting in step 2.

9. Optional: To add a subdomain to the certificate for the primary domain, click Add Additional Domain.

   Enter the name of the subdomain. To issue a Wildcard certificate, enter a subdomain of the form *.example.com

10. Click Issue Certificate.

Subdomain only

1. Create a zone for the subdomain in DNS hosting.
2. Delegate subdomain.
3. In the Control Panel, on the top menu, click Products and select Secrets Manager.
4. In the Secrets Manager section, open the Certificates tab.
5. Open the Certificates tab.
6. Click Add Certificate.
7. Select Certificates from Let's Encrypt®.
8. Enter the name of the certificate.
9. Select the subdomain that you delegated to DNS hosting in step 2.
10. Click Issue Certificate.

Download a Let's Encrypt® certificate⁠

1. In the Control Panel, go to Cloud Platform → Secrets Manager.
2. Open the Certificates tab → Certificate page.
3. In the Certificate Files block, select the certificate, intermediate certificate chain, root certificate, and private key.
4. Click Download.

View the status of your Let's Encrypt® certificate⁠

1. In the Control Panel, go to Cloud Platform → Secrets Manager.

2. Open the Certificates tab.

3. Look at the status in the certificate row → Status column.

   ACTIVE	The certificate is valid and ready for use
   CREATING	Certificate issuance and secrecy preservation takes place
   RENEWING	There are 30 days left until the certificate expiration date, automatic reissuance takes place
   INVALID	The certificate is invalid for one reason: signed incorrectly; the certificate trust chain is broken (the root certificate could not be verified or the intermediate certificate has expired); it is impossible to verify the certificate signature; DNS-01 failed
   ERROR	An error occurred during certificate issuance. Check that your domain registrar has created NS records pointing to Servercore servers: a.ns.srv.cr, b.ns.servercore.ru, c.ns.servercore.ru, d.ns.servercore.ru. If the problem persists , create a ticket