If you want to enable HTTPS encryption for your website, you must obtain an SSL certificate. This topic walks you through how to purchase and use an SSL certificate by using Alibaba Cloud SSL Certificates Service. This topic helps you understand the operations that you can perform during the lifecycle of the certificate.

Step Operation Description References
1 Purchase a certificate instance in the SSL Certificates Service console. A certificate instance is a collection of certificate resources. You can purchase a certificate instance in the SSL Certificates Service console. The certificate instance is used to perform SSL certificate-related operations, such as submitting a certificate application and downloading the certificate after the certificate is issued. Purchase an SSL Certificates Service instance
2 Use the purchased certificate instance to submit a certificate application to a certificate authority (CA). A CA issues SSL certificates. You can use the purchased certificate instance to submit a certificate application to the CA. After the CA approves your certificate application, the CA issues the SSL certificate to you. Apply for a certificate
3 Install an issued certificate on your web server or deploy the certificate to an Alibaba Cloud service. A web server and clients can communicate over HTTPS only after the certificate is installed on the web server as required. The operations to install certificates on web servers vary based on the server types. Links to the topics about how to install certificates on common web servers are provided for reference.

You can deploy issued SSL certificates only to specific Alibaba Cloud services with a few clicks. Some Alibaba Cloud services require SSL certificates to deliver specific functionality. If you deploy SSL certificates to these services, you must also install SSL certificates on web servers.

4 If a certificate is about to expire, renew the certificate and replace the certificate with the newly issued certificate. By default, the validity period of an SSL certificate issued by a CA is one year. After the certificate expires, the certificate is not trusted by your website, and the access to HTTPS services from clients is affected. You can manually renew a certificate within 30 calendar days before the certificate expires.

To renew an existing certificate that is about to expire, purchase a certificate instance that has the same specifications as the existing certificate. Then, use the instance to apply for a certificate. After the existing certificate is renewed, you must install the newly issued certificate on your web server or deploy it to an Alibaba Cloud service to replace the existing certificate.

Overview
5 If you no longer need the certificate, submit an application to the CA to revoke the certificate. If you no longer need a valid certificate, we recommend that you submit an application in the SSL Certificates Service console to the CA to revoke the certificate. If the certificate is not revoked, security risks may occur. For example, the certificate information may be stolen. After the certificate is revoked, the certificate information is cleared from the CA that issued the certificate, and the revoked certificate becomes invalid. Revoke an SSL certificate