Can't attach a personal certificate to a resource
Check whether there is an empty line at the end of a certificate chain. The line is often forgotten, the error occurs because of this. This is how the chain with an empty line at the end looks:
Full instructions for attaching a certificate: Add an SSL certificate to deliver content over HTTPS.
Can't get Let's Encrypt certificate
Check whether the rules you created overlap the path "/.well-known/acme-challenge/". This is the path for issuing a certificate, in many cases, such a rule (for example, with the path "/.*") does not allow issuing the certificate. Disable the rule, get the certificate, and enable the rule again.
You can check whether the rule blocks the certificate issuance path using this service.
Check whether you have added a CNAME record with our domain. Your domain's DNS records must have a CNAME record with your personal zone as the value. The certificate cannot be issued without it. Be advised that the changes to DNS records, depending on the provider might take up to 24 hours to be reflected worldwide and we will not be able to issue the certificate until the records have been propagated. You will find the value for the record in the second step of the setup guide for the resource:
Make sure that enough time has passed since the start of the issuance. Issuance and subsequent propagation of a Let's Encrypt certificate on all servers might take up to 30 minutes. During that time we strongly suggest not stopping the issuing process and/or adding your own certificate to the resource.
In case you are using Cloudflare DNS. Be sure not to set the CNAME Flattering option to Flatten all CNAMEs. This will cause Cloudflare to return an A-record instead of a CNAME, which will prevent the issuance of a Let's Encrypt certificate. To successfully issue a Let's Encrypt certificate, set the CNAME Flattering option to Flatten CNAME at root.
Redirect HTTP to HTTPS is enabled.
During the issuing of the certificate
Let's Encrypt certificate was not automatically renewed on it's expiration.
If a certificate was not renewed automatically, we recommend to check whether the auto-renewal is enabled.
-
Send a GET request https://api.gcore.com/cdn/resources /{resource_id}. The sslData field is supposed to contain a certificate ID. API documentation can be found here.
-
Send a GET request https://api.gcore.com/cdn/sslData/{ssl_id} for the certificate issued in the previous step. The automated field is supposed to have value: "True". API documentation can be found here.
For a certificate, "true" in the automated field guarantees that it is a Let's Encrypt certificate. The ssl_automated field in the resource settings only determines whether the certificate will be renewed automatically. If it's a third-party certificate, i.e., automated contains "false", then ssl_automated cannot be "true", it is supposed to be "false".
If these tips don’t help, write to technical support via the chat in the corner of the screen — we will help you.
Comments
0 comments
Please sign in to leave a comment.