Getting started with Certificate Manager

By following this guide, you will add your first Let's Encrypt certificate to Certificate Manager and use it to set up HTTPS access to a static website hosted in Object Storage.

Getting startedGetting started

To get started with Certificate Manager, you need:

1. A folder in Nebius Israel. If you don't have a folder, create one:

   1. In the management console, select a cloud and click Create folder at the top right.

   2. Enter the folder name. The naming requirements are as follows:

      • The length can be from 3 to 63 characters.
      • It may contain lowercase Latin letters, numbers, and hyphens.
      • The first character must be a letter. The last character can't be a hyphen.

   3. (Optional) Enter a description of the folder.

   4. Select Create a default network. This will create a network with subnets in each availability zone. Within this network, a default security group will be created, inside which all network traffic is allowed.

   5. Click Create.

2. A third-level (or higher) domain that the Let's Encrypt certificate is issued for.

   Note

   To pass the domain rights check, you must have control of the domain.

3. A public bucket in Object Storage with exactly the same name as the domain. If that bucket doesn't exist, create it:

   Management console

   1. In the management console, select the folder where you want to create a bucket.
   2. Select Object Storage.
   3. Click Create bucket.
   4. Enter exactly the same name for the bucket as the domain name.
   5. Select the Public access type.
   6. Select the default storage class.
   7. Click Create bucket to complete the operation.

4. Set up hosting in your bucket:

   Management console

   1. In the management console, select Object Storage.
   2. On the Buckets tab, click on the bucket named as the domain.
   3. In the left panel, select Website.
   4. Select Hosting and enter your website home page.
   5. Click Save to complete the operation.

5. Set up an alias for the bucket through your DNS provider or on your own DNS server.

   For instance, for the www.example.com domain, add the following record:

   www.example.com CNAME www.example.com.website.il.nebius.cloud
   

6. Install and configure the AWS CLI by following our instructions.

Create a request for a Let's Encrypt certificateCreate a request for a Let's Encrypt certificate

Passing the domain rights checkPassing the domain rights check

1. Create a file for the check:

   1. Go to the management console.
   2. Select Certificate Manager.
   3. Select a certificate with the Validating status in the list and click it.
   4. Under Check rights for domains:
      1. Copy the link from the Link for hosting file field:
         • The part of the link like http://example.com/.well-known/acme-challenge/ is the path to host your file at.
         • The second part of the link, rG1Mm1bJ..., is the file name that you should use.
      2. Copy the contents of the file from the Contents field.

2. Upload the created file to the bucket so that it's hosted in the directory .well-known/acme-challenge:

   AWS CLI

   aws --endpoint-url=https://storage.il.nebius.cloud \
      s3 cp <file name> s3://<bucket name>/.well-known/acme-challenge/<file name>
   

3. Wait until the certificate status changes to Issued.

4. Delete the file you created from the bucket:

   AWS CLI

   aws --endpoint-url=https://storage.il.nebius.cloud \
      s3 rm s3://<bucket name>/.well-known/acme-challenge/<file name>
   

Set up static website access over HTTPSSet up static website access over HTTPS

See alsoSee also

• Certificate from Let's Encrypt
• Checking rights for domain
• Set up HTTPS in a bucket