DocsICP FilingConsole
官方文档
首页

Replace a certificate

更新时间:
复制 MD 格式
产品详情
我的收藏

Replace SSL/TLS certificates before they expire to prevent service disruption. CLB supports two replacement methods.

Method Scope When to use
Replace the certificate on a listener Single HTTPS listener Update one listener at a time.
Replace a certificate from the Certificates page All associated listeners and additional domain names Update all resources using a certificate at once.

Replace the certificate on a listener

Update the server certificate for a specific HTTPS listener.

Console

  1. Log on to the CLB console, click the target instance ID, and click the Listener tab.

  2. Find the HTTPS listener and click Manage Certificate in the Actions column.

  3. Select a new certificate from the Server Certificate(Default Certificate) dropdown and click OK.

    Tip: To add a new certificate, click Create Server Certificate. Create a certificate.

API

Call SetLoadBalancerHTTPSListenerAttribute with the following parameters:

Parameter Description
RegionId Region of the CLB instance.
LoadBalancerId ID of the CLB instance.
ListenerPort Port of the HTTPS listener.
ServerCertificateId ID of the new server certificate.

Delete the old certificate

After replacement, you can delete the old certificate from CLB > Certificates. Certificates associated with a listener cannot be deleted.

Replace a certificate from the Certificates page

Replace a certificate globally. All associated listeners and additional domain names switch to the new certificate automatically.

The certificate must be associated with at least one listener or additional domain name.

Console

  1. Log on to the CLB console and navigate to CLB > Certificates.

  2. Find the target certificate and click Change Certificates in the Actions column.

  3. On the Replace Server Certificate page, select an option:

    • Create and Replace Certificate

      • Alibaba Cloud Certificates -- Use a certificate from Certificate Management Service.

      • Third-party Certificates -- Upload a new certificate. Add a third-party certificate.

    • Replace with Existing Certificate -- Select an existing server certificate from the dropdown.

  4. Click Change Certificates.

API

Call the API operation for the target resource type:

Resource type API operation Required parameters
Listener SetLoadBalancerHTTPSListenerAttribute RegionId, LoadBalancerId, ListenerPort, ServerCertificateId
Additional domain name SetDomainExtensionAttribute RegionId, DomainExtensionId, ServerCertificateId

If the certificate is associated with both resource types, call both operations.

Related topics

Previous:Generate a CA certificateNext:CLB server groups