Adding a Let's Encrypt certificate
You can use a certificate from Certificate Manager in the specified Nebius Israel services only.
To add a new Let's Encrypt certificate:
- In the management console
, select the folder to add a certificate to. - In the list of services, select Certificate Manager.
- Click Add certificate.
- In the menu that opens, select Let's Encrypt certificate.
- In the window that opens, enter a name for the certificate in the Name field.
- (Optional) In the Description field, enter a description for the certificate.
- In the Domains field, list the domains to issue a certificate for.
- Select the type of check for domain rights:
DNS
orHTTP
. - Click Create.
If you don't have the Nebius Israel command line interface yet, install and initialize it.
The folder specified in the CLI profile is used by default. You can specify a different folder using the --folder-name
or --folder-id
parameter.
-
View a description of the command:
yc certificate-manager certificate request --help
-
Run the following command:
yc certificate-manager certificate request \ --name mymanagedcert \ --domains example.com
Where:
--name
: Certificate name.--domains
: Certificate domains.
Command result:
id: fpq6gvvm6piu******** folder_id: b1g7gvsi89m3******** created_at: "2020-09-15T08:49:11.533771Z" ... - example.com status: VALIDATING updated_at: "2020-09-15T08:49:11.533771Z"
If you do not have Terraform yet, install it and configure the Nebius Israel provider.
For more information about Terraform, see the documentation.
-
In the Terraform configuration file, describe the parameters of the resource to create:
resource "yandex_cm_certificate" "le-certificate" { name = "<certificate_name>" domains = ["<domain>"] managed { challenge_type = "<type_of_domain_owner_check>" } }
Where:
-
domains
: List of domains to create a certificate for. -
challenge_type
: Type of domain rights check to be passed by the domain owner. Possible values:DNS_CNAME
: Create a DNS record in CNAME format with the specified value. Method recommended for automatic certificate renewal.DNS_TXT
: Create a DNS record in TXT format with the specified value.HTTP
: Place the specified value in the specified URL.
For more information about the
yandex_cm_certificate
resource parameters, see the Terraform provider documentation . -
-
Create resources:
-
In the terminal, change to the folder where you edited the configuration file.
-
Make sure the configuration file is correct using the command:
terraform validate
If the configuration is correct, the following message is returned:
Success! The configuration is valid.
-
Run the command:
terraform plan
The terminal will display a list of resources with parameters. No changes are made at this step. If the configuration contains errors, Terraform will point them out.
-
Apply the configuration changes:
terraform apply
-
Confirm the changes: type
yes
in the terminal and press Enter.
-
This will create a certificate in the specified folder. You can check if the certificate is there and properly configured either from the management console
yc certificate-manager certificate get <certificate_name>
To add a certificate, use the requestNew REST API method for the Certificate resource or the CertificateService/RequestNew gRPC API call.
A new certificate appears in the certificate list with the Validating
status. This status means that a Let's Encrypt certificate was requested and you need to pass the domain rights check to process it.