All Products
Search

This Product

    Container Service for Kubernetes:Customize API server certificate SANs

    Document Center

    Container Service for Kubernetes:Customize API server certificate SANs

    Last Updated:Jun 24, 2026

    For special proxy or cross-domain access requirements, you can customize the SANs for a new or existing cluster in the ACK console.

    Prerequisites

    You have created an ACK managed cluster, ACK dedicated cluster, or ACK Serverless cluster. For more information, see Create an ACK managed cluster, Create an ACK dedicated cluster (Creation is no longer supported), or Create a cluster.

    Important

    • You cannot customize SANs for an ACK Serverless cluster when you create it. You can only update the SANs for an existing cluster.

    • You can customize SANs for an ACK dedicated cluster only when you create it. You cannot update the SANs for an existing cluster.

    SAN overview

    SAN is an extension to the X.509 standard. This extension allows you to associate multiple values, such as IP addresses, domain names, URIs, and email addresses, with a single SSL certificate by using the subjectAltName field.

    Customize API server certificate SANs

    New cluster

    This section uses an ACK managed cluster as an example to demonstrate how to customize API server certificate SANs during cluster creation. The procedure is similar for other cluster types.

    During cluster creation, on the Cluster Configurations page, click Show Advanced Options. In the Custom Certificate SANs field, enter the required values. For more information, see Create an ACK managed cluster.

    Note

    In the Custom Certificate SANs field, you can enter valid custom IP addresses, domain names, and URIs. Separate multiple values with commas.

    The Custom Certificate SANs field can contain domain names and IP addresses.

    Existing cluster

    Important

    Updating or modifying custom SANs restarts the cluster's API server. To minimize business impact, we recommend performing this operation during off-peak hours.

    1. Log on to the ACK console. In the left navigation pane, click Clusters.

    2. On the Clusters page, click the name of your cluster. In the left navigation pane, click Cluster Information.

    3. On the Cluster Information page, click the Basic Information tab. In the Network section, click Edit to the right of Custom Certificate SANs.

    4. In the Update Custom SAN dialog box, configure the Custom Certificate SANs field and then click OK.

    Related documents

    API server audit logs record and trace user operations. For more information, see Work with cluster auditing.