Automatic renewal of certificates
July 11, 2024
ID 267936
Automatic certificate renewal is available for certificates, that have connected resources.
Certificates are required for encrypted connection to web resources. Automatic renewal allows to issue a new TLS certificate for connected domain names without help of a technical specialist. Certificate s are issued by Let's Encrypt certificate authority. A new certificate is valid for 90 days and is automatically renewed in 32 days before the certificate expires.
A certificate is successfully automatically renewed if the following conditions are met:
- All resources connected to the certificate have a TCP\80 filtering profile with a configured HTTP proxying protocol.
- All domain names connected to the certificate have a DNS A record specifying the IP address issued by KDP.
It is possible to self-check for compliance with the conditions. To do this, follow these steps:
- Ensure that IP address specified in the resource settings is presented in DNS A records for all domain names.
- Ensure the configuration is correct. To do this, follow these steps:
- Navigate to the Resources section.
- Select the required resource.
- Navigate to the Settings tab.
- Click Download full config.
- In the downloaded .txt file, check for a filtering profile to which the certificate is connected.
If a user needs help enabling automatic certificate renewal, contact KDP Network Operations Service.
To enable automatic renewal of a certificate, follow these steps:
- For certificates which should be renewed, select the checkbox. The following pop-up window appears:
- Click Continue. The certificate will be added to the list for automatic renewal.
In case of an error, the certificate is highlighted as follows:
To resolve the error, check that conditions for successful certificate renewal are met. After resolving the error, follow these steps:
- Click the button. A window with details about the certificate opens:
- Click Renew certificate now. The certificate is renewed.