Adding a Let's Encrypt certificate

You can use a certificate from Certificate Manager in the specified Nebius Israel services only.

To add a new Let's Encrypt certificate:

Management console

CLI

Terraform

API

In the management console, select the folder to add a certificate to.
In the list of services, select Certificate Manager.
Click Add certificate.
In the menu that opens, select Let's Encrypt certificate.
In the window that opens, enter a name for the certificate in the Name field.
(Optional) In the Description field, enter a description for the certificate.
In the Domains field, list the domains to issue a certificate for.
Select the type of check for domain rights: DNS or HTTP.
Click Create.

If you don't have the Nebius Israel command line interface yet, install and initialize it.

The folder specified in the CLI profile is used by default. You can specify a different folder using the --folder-name or --folder-id parameter.

View a description of the command:

yc certificate-manager certificate request --help

Run the following command:

yc certificate-manager certificate request \
  --name mymanagedcert \
  --domains example.com

Where:

--name: Certificate name.
--domains: Certificate domains.

Command result:

id: fpq6gvvm6piu********
folder_id: b1g7gvsi89m3********
created_at: "2020-09-15T08:49:11.533771Z"
...
- example.com
status: VALIDATING
updated_at: "2020-09-15T08:49:11.533771Z"

If you do not have Terraform yet, install it and configure the Nebius Israel provider.

For more information about Terraform, see the documentation.

In the Terraform configuration file, describe the parameters of the resource to create:
```
resource "yandex_cm_certificate" "le-certificate" {
  name    = "<certificate_name>"
  domains = ["<domain>"]

  managed {
  challenge_type = "<type_of_domain_owner_check>"
  }
}
```
Where:
- domains: List of domains to create a certificate for.
- challenge_type: Type of domain rights check to be passed by the domain owner. Possible values:
  - DNS_CNAME: Create a DNS record in CNAME format with the specified value. Method recommended for automatic certificate renewal.
  - DNS_TXT: Create a DNS record in TXT format with the specified value.
  - HTTP: Place the specified value in the specified URL.
For more information about the yandex_cm_certificate resource parameters, see the Terraform provider documentation.
Create resources:
1. In the terminal, change to the folder where you edited the configuration file.
2. Make sure the configuration file is correct using the command:
```
terraform validate
```
  If the configuration is correct, the following message is returned:
```
Success! The configuration is valid.
```
3. Run the command:
```
terraform plan
```
  The terminal will display a list of resources with parameters. No changes are made at this step. If the configuration contains errors, Terraform will point them out.
4. Apply the configuration changes:
```
terraform apply
```
5. Confirm the changes: type yes in the terminal and press Enter.

This will create a certificate in the specified folder. You can check if the certificate is there and properly configured either from the management console or using this CLI command:

yc certificate-manager certificate get <certificate_name>

To add a certificate, use the requestNew REST API method for the Certificate resource or the CertificateService/RequestNew gRPC API call.

A new certificate appears in the certificate list with the Validating status. This status means that a Let's Encrypt certificate was requested and you need to pass the domain rights check to process it.