Getting started with Certificate Manager
By following this guide, you will add your first Let's Encrypt certificate to Certificate Manager and use it to set up HTTPS access to a static website hosted in Object Storage.
Getting started
To get started with Certificate Manager, you need:
-
A folder in Nebius Israel. If you don't have a folder, create one:
-
In the management console
, select a cloud and clickCreate folder at the top right.
-
Enter the folder name. The naming requirements are as follows:
- The length can be from 3 to 63 characters.
- It may contain lowercase Latin letters, numbers, and hyphens.
- The first character must be a letter. The last character can't be a hyphen.
-
(Optional) Enter a description of the folder.
-
Select Create a default network. This will create a network with subnets in each availability zone. Within this network, a default security group will be created, inside which all network traffic is allowed.
-
Click Create.
-
-
A third-level (or higher) domain that the Let's Encrypt certificate is issued for.
Note
To pass the domain rights check, you must have control of the domain.
-
A public bucket in Object Storage with exactly the same name as the domain. If that bucket doesn't exist, create it:
Management console- In the management console
, select the folder where you want to create a bucket. - Select Object Storage.
- Click Create bucket.
- Enter exactly the same name for the bucket as the domain name.
- Select the Public access type.
- Select the default storage class.
- Click Create bucket to complete the operation.
- In the management console
-
Set up hosting in your bucket:
Management console- In the management console
, select Object Storage. - On the Buckets tab, click on the bucket named as the domain.
- In the left panel, select Website.
- Select Hosting and enter your website home page.
- Click Save to complete the operation.
- In the management console
-
Set up an alias for the bucket through your DNS provider or on your own DNS server.
For instance, for the
www.example.com
domain, add the following record:www.example.com CNAME www.example.com.website.il.nebius.cloud
-
Install and configure the AWS CLI by following our instructions.
Create a request for a Let's Encrypt certificate
- Go to the management console
. - Select Certificate Manager.
- Click Add certificate.
- In the menu that opens, select Let's Encrypt certificate.
- In the window that opens, enter a name for the certificate.
- (Optional) Add a description for the certificate.
- In the Domains field, specify the domains you want to issue the certificate for.
- Select the type of check for domain rights:
HTTP
. - Click Create.
Passing the domain rights check
-
Create a file for the check:
- Go to the management console
. - Select Certificate Manager.
- Select a certificate with the
Validating
status in the list and click it. - Under Check rights for domains:
- Copy the link from the Link for hosting file field:
- The part of the link like
http://example.com/.well-known/acme-challenge/
is the path to host your file at. - The second part of the link,
rG1Mm1bJ...
, is the file name that you should use.
- The part of the link like
- Copy the contents of the file from the Contents field.
- Copy the link from the Link for hosting file field:
- Go to the management console
-
Upload the created file to the bucket so that it's hosted in the directory
.well-known/acme-challenge
:AWS CLIaws --endpoint-url=https://storage.il.nebius.cloud \ s3 cp <file name> s3://<bucket name>/.well-known/acme-challenge/<file name>
-
Wait until the certificate status changes to
Issued
. -
Delete the file you created from the bucket:
AWS CLIaws --endpoint-url=https://storage.il.nebius.cloud \ s3 rm s3://<bucket name>/.well-known/acme-challenge/<file name>
Warning
To renew a certificate, you have to perform certain actions. Keep track of the lifecycle of your certificates to renew them on time. For more information, see Renew a certificate.
Set up static website access over HTTPS
- Log in to the management console
. - Select Object Storage.
- On the Buckets tab, click on the bucket named as the domain.
- Go to the HTTPS tab.
- In the panel that opens on the right, click Configure.
- Under Source, select Certificate Manager.
- In the Certificate field, select the certificate from the list that opens.
- Click Save.