Yandex.Cloud
  • Services
  • Why Yandex.Cloud
  • Solutions
  • Pricing
  • Documentation
  • Contact us
Get started
Yandex Certificate Manager
  • Getting started
  • Step-by-step instructions
    • All instructions
    • Let's Encrypt® certificate
      • Create a certificate
      • Get the contents of a certificate
      • Domain rights check procedure
      • Renew a certificate
      • Edit a certificate
      • Delete a certificate
    • User certificate
      • Create a certificate
      • Get the contents of a certificate
      • Renew a certificate
      • Edit a certificate
      • Delete a certificate
    • Domain
      • Create a domain
      • Renew a domain certificate
      • Update a domain
      • Delete a domain
    • Backups
    • Adding alerts for certificates
  • Concepts
    • Overview
    • Let's Encrypt® certificate
    • User certificate
    • Check rights for domain
    • Integration with Yandex.Cloud services
    • Quotas and limits
    • Domain
      • Overview
      • Integration with Yandex.Cloud services
  • Access management
  • Pricing policy
  • API reference
    • Authentication in the API
    • gRPC
      • Overview
      • CertificateContentService
      • CertificateService
      • OperationService
    • REST
      • Overview
      • Certificate
        • Overview
        • create
        • delete
        • get
        • list
        • listAccessBindings
        • listOperations
        • requestNew
        • setAccessBindings
        • update
        • updateAccessBindings
      • CertificateContent
        • Overview
        • get
  • Questions and answers
  1. Getting started

Getting started with Certificate Manager

  • Before you start
  • Create a request for a Let's Encrypt certificate
  • Passing the domain rights check
  • Set up static website access over HTTPS

By following these instructions, you'll create your first Let's Encrypt® certificate and use it to set up HTTPS access to your static website hosted in Yandex Object Storage.

Before you start

To get started with Certificate Manager, you need:

  1. A folder in Yandex.Cloud. If you don't have a folder, create one:

    1. Click Create folder in the Home page of the management console.

    2. Enter the folder name.

      • Length — from 3 to 63 characters.
      • The name may contain lowercase Latin letters, numbers, and hyphens.
      • The first character must be a letter. The last character can't be a hyphen.
    3. Select Create a default network. A network is created with subnets in each availability zone.

    4. Click Create.

  2. A third level (or higher) domain that the Let's Encrypt® certificate is issued for.

    Note

    To pass the domain rights check, you must have control of the domain.

  3. A public bucket in Object Storage with exactly the same name as the domain. If that bucket doesn't exist, create it:

    Management console
    1. In the management console, select the folder where you want to create a bucket.
    2. Select Object Storage.
    3. Click Create bucket.
    4. Enter exactly the same name for the bucket as the domain name.
    5. Selected the type of access Public.
    6. Select the default storage class.
    7. Click Create bucket to complete the operation.
  4. Set up hosting in the bucket:

    Management console
    1. In the management console, select Object Storage.
    2. In the Buckets tab, click the bucket with the same name as the domain.
    3. In the left pane, select Website.
    4. Select Hosting and enter your website home page.
    5. Click Save to complete the operation.
  5. Configure the alias for your bucket at your provider's DNS or on your own DNS server.

    For instance, for the www.example.com domain, add the following record:

    www.example.com CNAME www.example.com.website.yandexcloud.net
    
  6. Install and configure the AWS CLI by following our instructions.

Create a request for a Let's Encrypt certificate

Management console
  1. Go to the management console.
  2. Select Certificate Manager.
  3. Click Add certificate.
  4. In the menu that opens, select Let's Encrypt certificate.
  5. In the window that opens, enter a name for the certificate.
  6. (Optional) Add a description for the certificate.
  7. In the Domains field, specify the domains you want to issue the certificate for.
  8. For the Check type of the domain rights check, select: HTTP.
  9. Click Create.

Passing the domain rights check

  1. Create a file for the check:

    1. Go to the management console.
    2. Select Certificate Manager.
    3. Select a certificate with the Validating status in the list and click it.
    4. Under Check rights for domains:
      1. Copy the link from the Link for hosting file field:
        • The part of the link that looks like http://example.ru/.well-known/acme-challenge/ is the path to host the file at.
        • The second part of the link, rG1Mm1bJ..., is the file name that you should use.
      2. Copy the contents of the file from the Contents field.
  2. Upload the created file to the bucket so that it's hosted in the directory .well-known/acme-challenge:

    AWS CLI
    aws --endpoint-url=https://storage.yandexcloud.net \ 
       s3 cp <file name> s3://<bucket name>/.well-known/acme-challenge/<file name>
    
  3. Wait until the certificate status changes to Issued.

  4. Delete the file you created from the bucket:

    AWS CLI
    aws --endpoint-url=https://storage.yandexcloud.net \ 
       s3 rm s3://<bucket name>/.well-known/acme-challenge/<file name>
    

Warning

To renew a certificate, you have to perform certain actions. Keep track of the lifecycle of your certificates to renew them on time. For more information, see Renew a certificate.

Set up static website access over HTTPS

Management console
  1. Log in to the management console.
  2. Select Object Storage.
  3. In the Buckets tab, click the bucket with the same name as the domain.
  4. Go to the HTTPS tab.
  5. In the panel that opens on the right, click Configure.
  6. Under Source, select Certificate Manager.
  7. In the Certificate field, select the certificate from the list that opens.
  8. Click Save.

See also

  • Let's Encrypt® certificate
  • Check rights for domain
  • Set up HTTPS in a bucket
In this article:
  • Before you start
  • Create a request for a Let's Encrypt certificate
  • Passing the domain rights check
  • Set up static website access over HTTPS
Language / Region
Careers
Privacy policy
Terms of use
Brandbook
© 2021 Yandex.Cloud LLC