TLS (SSL) Certificates for User Domains
To access objects in a bucket via a custom domain over HTTPS, you need to add a TLS (SSL) certificate. You can manage certificates via the Control Panel or User Certificates API.
You can issue a certificate with any provider. If you use Servercore DNS hosting, you can quickly issue a Let’s Encrypt certificate, but you must manually add the certificate after each Let’s Encrypt renewal.
The certificate is added at the country level: it will only work for buckets hosted in the selected country's region. A single certificate cannot be used in multiple projects.
Only one certificate can be active for a single domain. If multiple certificates are added for a domain, the last one uploaded will be active. If the active certificate is deleted or its validity period expires, the previous one will be automatically activated, provided it has not expired.
TLS Protocol
The Transport Layer Security (TLS) protocol is a newer version of the SSL protocol and is used in conjunction with the HTTP protocol. Using HTTP and TLS together ensures data encryption, authentication, and integrity.
We recommend using the TLS protocol version 1.2 or higher. Versions below 1.2 are considered obsolete (read more on the IETF website) and have not been supported by S3 since May 1, 2023.
You can view the TLS version in use in the logs.
Learn more about configuring TLS version 1.2 in the Amazon documentation:
Add certificate
You can add up to 100 certificates per project.
-
In the control panel, click Products in the top menu and select S3.
-
Go to the SSL Certificates section.
-
Click Add certificate.
-
Select the country for buckets in which the certificate will work.
-
Enter a name for the certificate; it must be unique within the project.
-
Add a primary certificate:
-----BEGIN CERTIFICATE-----<certificate.crt>-----END CERTIFICATE-----Specify
<certificate.crt>— the private key inPKCS#1format. -
Add a private key:
-----BEGIN PRIVATE KEY-----<private_key.key>-----END PRIVATE KEY-----Specify
<private_key.key>— the private key inPKCS#1format. -
Click Add certificate. The certificate will be activated within five minutes.
Certificate statuses
Delete certificate
You cannot delete certificates that are currently being added.
- In the control panel, click Products in the top menu and select S3.
- Go to the SSL Certificates section.
- In the certificate line, click .
- Enter the certificate name and click Delete.