1 of 20
2 of 20
3 of 20
4 of 20
5 of 20
6 of 20
7 of 20
8 of 20
9 of 20
10 of 20
11 of 20
12 of 20
13 of 20
14 of 20
15 of 20
16 of 20
17 of 20
18 of 20
19 of 20
20 of 20

doc

How to generate a Let’s Encrypt certificate for your domain

Web applications that use the HTTPS protocol require a digital certificate. When you redirect your traffic to Azion, you have the option to generate a Let’s Encrypt™ certificate, which is a free and secure way to encrypt data for your edge application. Azion will handle the management of this SSL certificate, eliminating the need for manual renewal when it expires.

Validating domain ownership to issue a Let’s Encrypt certificate

To activate your Let’s Encrypt certificate, you must have a registered top-level domain. Domains can be purchased from a domain registrar or hosting services.

For the purposes of this guide, the placeholder <your_domain> represents a root domain in the format yourdomain.com or a subdomain, such as subdomain.yourdomain.com.

Once you have a registered domain, you must allow Azion to verify the CNAME record using the domain registrar’s DNS management tools. Azion uses the DNS-01 ACME client challenge to issue your Let’s Encrypt certificate.

Since Azion allows you to host DNS zones, you may redirect your DNS resolution to Intelligent DNS. To activate the Let’s Encrypt certificate, you must ensure that the CNAME entry of your Azion domain has been created in the correct zone. If this has been done, the ACME challenge will occur automatically, so you may skip the following steps.

To allow the ACME challenge to occur:

  1. Access your domain registrar.
  2. Navigate to the DNS management area.
  3. Create a CNAME record for each domain you want to use the certificate. This must be the same CNAME you’ll add to the CNAME field when creating your Azion domain later.
    • If the CNAME already exists, you may skip this step.

  4. Add a new record to your domain as follows:

    • Name: _acme-challenge.<your_domain>
    • Value: <your_domain>.letsencrypt.azion.com
    • Type: CNAME
  1. Repeat steps 3 and 4 for every CNAME you intent to add to your Domain.
  2. Save your settings.

Now, you must create an Azion edge application that you want to associate to your domain. If you haven’t created an edge application yet, follow the Getting started guide.

Next, you need to create an Azion Domain and list the CNAMEs that you want to secure with the Let’s Encrypt certificate. To do so, follow these steps:

  1. Access Real-Time Manager.
  2. On the upper-left corner, select the three horizontal lines to open the Products menu > Domains.
  3. Click the Add Domain button.
  4. Name your domain.
  5. Under Edge Certificate, select the option Let’s Encrypt.
  6. Under CNAME, add <your_domain>, which is the domain you created in the previous steps.
  7. Under Edge Application, select the application for which you want to create the domain.
  8. Click the Save button.

Checking the status of Let’s Encrypt certificate

You can check the status of your Let’s Encrypt SSL certificate by following these steps:

  1. In Real-Time Manager, access the Products menu.
  2. Under EDGE LIBRARIES, select Digital Certificates.
  3. In your digital certificate list, you’ll see a new entry in the format <domain name> - Let's Encrypt <timestamp>.

The status on the right of the list shows you whether the certificate has been issued. An Active certificate has been verified and issued successfully. A Pending status means the certificate is still undergoing checks in Azion’s internal certificate manager.

Note: if the Pending status remains for over 48 hours, you must check if the CNAME records you listed in the Domain creation process are correct.

Pointing your traffic to Azion

Once you have an active Let’s Encrypt certificate, you can point your traffic to Azion by associating your Azion-provided domain (xxxxxxxxxx.map.azionedge.net) to your domain’s CNAME record. To do so:

  1. Access Real-Time Manager.
  2. On the top-left corner of the page, go to Products menu > Domains.
  3. From the list of domains, copy the Azion-provided domain that you want to associate to the external domain.
  4. In another browser tab, access your domain registrar.
  5. Navigate to the DNS management area.

  6. Edit the domain CNAME record with the Let’s Encrypt certificate as follows:

    • Name: <your_domain>
    • Value: xxxxxxxxxx.map.azionedge.net
    • Type: CNAME
  1. Save your settings.

Note that there might be a delay in propagation time when you access your application. If that’s the case, you can run the DIG command in your terminal to check whether your domain points to the Azion address.

Didn’t find what you were looking for? Open a support ticket.