Let's Encrypt managed certificate
OpenResty Edge can obtain TLS certificate from Let’s Encrypt automatically.
This feature supports single domain (example.com
),
Subject Alternate Name (SAN) as well as
wildcard (*.example.com
) domains, or their combination.
In order for Edge to obtain certificate from Let’s Encrypt, the following prerequisites must be satisfied:
For non-wildcard domains:
- Domain must be resolved to node belonging to this Edge installation
For wildcard domains:
- The authoritative name server for the apex must be hosted using this Edge installation
Here is how to obtain a certificate from Let’s Encrypt:
Click “New Certificate” button, and select “Let’s Encrypt”.
Put in one or more domain name(s) to be signed. Then click “Save”.
Now the certificate has been added, you can refresh this page to see it’s status.
Note that a new certificate is automatically obtained under the following conditions:
- When a new Let’s Encrypt cert item was added.
- When the domain list of an existing Let’s Encrypt cert item was modified.
- When the expiration time on the certificate is less than 30 days.
The buttons to the right has the following features:
- First button shows the current status of the certificate. You can hover your mouse to check the status text, or click on it to see detailed log information. This is particularly useful when debugging certificates that failed to issue.
- Second button triggers causes Edge to immediately attempt to reissue this certificate. This feature is generally not used unless status shows failure.
- Third button allows modifications to the domain list.
- Forth button removes this certificate.