How to Enable HTTPS-Domain Names(Domain)-阿里云帮助中心

HTTPS adds a security verification mechanism on top of HTTP to secure data in transit and prevent browsers from flagging your site as "Not Secure." If your website displays an error such as "Cannot provide a secure connection," this is typically because an SSL certificate is not configured or has expired. This topic describes how to configure an SSL certificate to enable HTTPS for your website.

Wanxiaozi provides two methods to obtain and configure an SSL certificate. Choose one based on your needs:

Solution 1: One-click configuration (Automatic certificate application)
This method is simple and supports automatic certificate renewal.
Solution 2: Manual deployment (Use an existing certificate or apply for one manually)
This method involves more steps, requiring you to manually apply for, verify, and download the certificate. This method is suitable if you already have a certificate from a third-party provider or need to manage certificate files manually.

Solution 1: One-click configuration

After you bind a domain name and configure its resolution in the Wanxiaozi console, the system automatically completes the security certificate configuration. The certificate is valid for 90 days and will be automatically renewed one week before it expires.

After the configuration is complete, the HTTPS column on the domain management page will show Enabled.

Solution 2: Manual deployment

If you already have certificate files, you can skip to Step 4: Configure the certificate.

Step 1: Obtain a certificate

Alibaba Cloud certificate: This tutorial uses a Personal Test Certificate (Free Edition) as an example. A single free certificate is valid for 90 days. After it expires, you must reapply for and install a new one. You can also purchase a paid certificate based on your needs. For more information, see SSL Certificate Selection Guide.
Third-party provider: Follow the instructions provided by your certificate provider.

Log on to the Certificate Management console or . In the left-side navigation pane, choose Certificate Management > SSL Certificate Management V2.0. On the Individual Test Certificate (Formerly Free Certificate) tab, click Purchase Certificate.
On the Purchase Certificate page, specify the Purchase Quantity, keep other settings at their default values, select Certificate Management Service Terms of Service and Technical Support Agreement for Certificate Management Service, and then click Buy Now to complete the payment.
Note
- If you do not meet the rules for obtaining a personal test certificate (Free Edition), see Purchase a personal test certificate (Pro).
- A personal test certificate (Free Edition) cannot be canceled after it is obtained. If it remains unused within 3 months of being obtained, the quota for that year is automatically returned.

Step 2: Certificate application and domain verification

The following example uses an Alibaba Cloud Personal Test Certificate (Free Edition):

Log on to the SSL Certificates Service console or the . On the Personal Test Certificates (Formerly Free Certificates) tab, click Create Certificate.

Enter the required information and keep the default settings for other parameters. Verify that the information is correct, and then click Submit for Review.

Domain Name: Enter the domain name for which you want to apply for the certificate, such as example.com.
Select Quick Issue and enter the following information.
Domain Name Verification Method: Select Automatic DNS Verification.
Because the DNS service for the example domain example.com is managed by the current account, the system automatically selects Automatic DNS Verification. After the purchase, the system automatically performs DNS verification. You only need to wait for the certificate to be issued.
Note
If the Alibaba Cloud account used for this application is different from the account that manages the domain in Alibaba Cloud DNS, you can choose one of the following methods:
- Manual DNS Verification: This method requires you to add a DNS record (a CNAME or TXT record) with the specified verification information at your domain's DNS provider.
- File-based verification: This method verifies your domain ownership by creating a specific file on your domain's web server.
For more information about verification methods, see Domain Ownership Verification.
Contact: Select a contact for this certificate application.

Complete domain validation. On the Individual Test Certificate (Formerly Free Certificate) tab, find the target certificate instance, and click Verify in the Actions column. Follow the on-screen instructions to complete domain ownership validation.
After domain ownership validation succeeds, the certificate is typically issued within 1 to 15 minutes. After issuance, the Status changes to Issued. If the certificate is not issued after a long wait, check whether the DNS validation configuration is correct.
Note
- The certificate takes effect from the date of issuance and is valid for 90 days.
- If validation fails to pass for an extended period, for example, due to incorrect file content, mismatched DNS record values, or DNS validation timeout, see FAQ for domain ownership validation for solutions.

Step 3: Download certificate files

Find the issued certificate and select it. In the lower-left corner of the certificate list, click Download.
Select the Nginx type and click Download.
In the Batch Download Certificates dialog box, the certificate format for the Nginx server type is pem/key.

Step 4: Configure the certificate

If you obtained your SSL certificate from another provider, make sure to download the Nginx type.

Go to the Wanxiaozi console. In the left-side navigation pane, select Domain Management, and then click Configure HTTPS with Your Own Certificate in the Actions column.
If this option is not available, complete domain name ICP filing or DNS verification as prompted.

Enter the certificate information.

In the dialog box, enter the following information to enable HTTPS for your website.

Certificate Name: Enter an easily recognizable name.
Certificate Content: Open the .pem or .crt certificate file with a text editor, copy its entire content, and paste it into this text box.
Private Key: Open the .key private key file with a text editor, copy its entire content, and paste it into this text box.

FAQ

Why does my browser still show a "Not Secure" warning after I enable HTTPS?

Common causes include:

Scenario 1: The Personal Test Certificate (Free Edition) is valid for 90 days. After the certificate expires, browsers will mark the site as insecure.
Solution: Apply for and deploy a new certificate.
Scenario 2: The webpage contains mixed content, meaning it loads external resources such as .js or .css files or images over HTTP.
Solution: Remove or update all non-HTTPS external references to use HTTPS.
Scenario 3: The domain name entered during the certificate application does not match the domain being accessed.
Solution: Reapply for and deploy a certificate using the correct domain name.
Scenario 4: An untrusted root certificate was used.
Solution: Follow the steps in Solution 2 to reapply for and deploy a valid certificate.