Replace SSL/TLS certificates before they expire to avoid service disruption. CLB provides two methods: replace the certificate on a specific listener, or replace it globally from the Certificates page.
Replace the certificate on a listener
Replace the server certificate for a single HTTPS listener.
Console
In the CLB console, click your instance ID and go to the Listener tab.
Find the HTTPS listener and click Manage Certificate in the Actions column.
Select a new certificate from the Server Certificate (Default Certificate) dropdown, and click OK.
You can also click Create Server Certificate to add a new one. See Create a certificate.
API
Call SetLoadBalancerHTTPSListenerAttribute with RegionId, LoadBalancerId, ListenerPort and ServerCertificateId.
To delete the old certificate, go to CLB > Certificates. Certificates still associated with a listener cannot be deleted.
Replace a certificate from the Certificates page
Replace a certificate globally. All listeners and additional domain names associated with the certificate automatically switch to the new one.
Only certificates associated with at least one listener or additional domain name can be replaced using this method.
Console
In the CLB console, go to CLB > Certificates.
Find the certificate to replace and click Change Certificates in the Actions column.
On the Replace Server Certificate page, choose one of the following:
Create and Replace Certificate:
Select Alibaba Cloud Certificates to use a certificate from Certificate Management Service.
Select Third-party Certificates to upload a new one. See Add a third-party certificate.
Replace with Existing Certificate: Select an existing server certificate from the dropdown.
Click Change Certificates.
API
Call SetLoadBalancerHTTPSListenerAttribute with RegionId, LoadBalancerId, ListenerPort and ServerCertificateId.
Call SetDomainExtensionAttribute with RegionId, DomainExtensionId and ServerCertificateId.
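
The following is an added example, not code from the CLB documentation. It plans a global replacement through the two API operations named above: one SetLoadBalancerHTTPSListenerAttribute call per listener and one SetDomainExtensionAttribute call per additional domain name, followed by a check that nothing still references the old certificate before it is deleted. The inventory, the IDs, the region name and the helper functions are all constructed assumptions; sending the calls through an SDK or CLI is left out, and `apply_plan` only simulates them.

```python
import copy

# Constructed inventory (not real API output): HTTPS listeners and additional domain names.
LISTENERS = [
    {"RegionId": "cn-example", "LoadBalancerId": "lb-a", "ListenerPort": 443, "ServerCertificateId": "cert-old"},
    {"RegionId": "cn-example", "LoadBalancerId": "lb-b", "ListenerPort": 8443, "ServerCertificateId": "cert-old"},
    {"RegionId": "cn-example", "LoadBalancerId": "lb-b", "ListenerPort": 443, "ServerCertificateId": "cert-other"},
]
EXTENSIONS = [
    {"RegionId": "cn-example", "DomainExtensionId": "de-1", "ServerCertificateId": "cert-old"},
]
LISTENER_KEYS = ("RegionId", "LoadBalancerId", "ListenerPort")
EXTENSION_KEYS = ("RegionId", "DomainExtensionId")

def plan_replacement(listeners, extensions, old_id, new_id):
    """Return (action, params) pairs moving every reference from old_id to new_id."""
    if old_id == new_id:
        raise ValueError("old and new certificate IDs are identical")
    calls = []
    for action, records, keys in (
        ("SetLoadBalancerHTTPSListenerAttribute", listeners, LISTENER_KEYS),
        ("SetDomainExtensionAttribute", extensions, EXTENSION_KEYS),
    ):
        for rec in records:
            if rec["ServerCertificateId"] == old_id:
                params = {k: rec[k] for k in keys}
                params["ServerCertificateId"] = new_id
                calls.append((action, params))
    if not calls:
        # Mirrors the page's rule: only an associated certificate can be replaced.
        raise LookupError(f"{old_id} is not associated with any listener or domain name")
    return calls

def apply_plan(listeners, extensions, calls):
    """Simulate the calls on a copy of the inventory (stand-in for sending them)."""
    listeners, extensions = copy.deepcopy(listeners), copy.deepcopy(extensions)
    for action, params in calls:
        records, keys = ((listeners, LISTENER_KEYS) if action.endswith("ListenerAttribute")
                         else (extensions, EXTENSION_KEYS))
        for rec in records:
            if all(rec[k] == params[k] for k in keys):
                rec["ServerCertificateId"] = params["ServerCertificateId"]
    return listeners, extensions

def remaining_references(listeners, extensions, cert_id):
    """Records still bound to cert_id; the old certificate is deletable only when empty."""
    return [r for r in listeners + extensions if r["ServerCertificateId"] == cert_id]
```
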