After an SSL certificate is issued, you can create a deployment task in the Certificate Management Service console to upload the certificate-related file to the specified directory of a cloud server, or replace the existing certificate file in the specified directory of the cloud server with the certificate file of the issued certificate. This way, the certificate can be used by a web application that is hosted on the cloud server. This prevents errors that may occur and complex operations during manual download or upload of the certificate.
Limits
You can deploy only one certificate to a cloud server in each deployment task.
You can deploy certificates to the following types of cloud servers in the Certificate Management Service console: simple application servers and Elastic Compute Service (ECS) instances.
Prerequisites
A certificate is issued. For more information, see Purchase an SSL certificate and Apply for an SSL certificate.
If you want to deploy uploaded certificates, make sure that a deployment quota is purchased. For more information, visit the deployment quota buy page.
If you deploy paid certificates, the deployment quota is not consumed.
Procedure
Log on to the Certificate Management Service console.
In the left-side navigation pane, choose .
On the Deployment to Cloud Servers page, click Create Task and perform the following steps:
In the Select Certificate step, select the certificate that you want to deploy and click Next.
You can deploy one certificate to a cloud server in each deployment task. If you want to deploy multiple certificates, create multiple deployment tasks.
Parameter
Description
Task Name
The name of the deployment task.
Certificate Type
The type of the certificate that you want to deploy. Valid values: Paid Certificate and Upload Certificate. If you deploy an uploaded certificate, the deployment quota is consumed.
In the Select Resource step, select the cloud server to which you want to deploy a certificate, and click Next.
The system automatically identifies and displays all cloud servers that host web applications within the current Alibaba Cloud account. If the cloud server to which you want to deploy a certificate is not displayed, click Synchronize Cloud Resources in the upper-right corner of the cloud server list. If the required cloud server is still not displayed, check whether a web application such as NGINX or Tomcat is deployed on the cloud server.
If a certificate is deployed on a cloud server before you create the task, the system displays the name of the certificate.
In the Task Deployment step, deploy the certificate to the cloud server based on the following table and click OK.
ImportantIf no configuration path to the certificate exists on the cloud server, the system automatically creates a configuration path for the certificate. The path configured in the console must be consistent with the path to the certificate-related file configured in the web application of the cloud server.
Parameter
Description
Example
Certificate Path
The absolute path to the certificate on the cloud server.
Example for Linux: /ssl/cert.pem.
Example for Windows: c:\ssl\cert.pem.
Private Key Path
The absolute path to the private key file of the certificate on the cloud server.
Example for Linux: /ssl/cert.key.
Example for Windows: c:\ssl\cert.key.
Certificate Chain Path
The absolute path to the certificate chain file on the cloud server.
Example for Linux: /ssl/cert.cer.
Example for Windows: c:\ssl\cert.cer.
Reload Command
After the certificate is deployed, you must restart the web application on the cloud server or reload the application configuration file for the certificate to take effect. Therefore, you must specify a restart or reload command for the web application.
ImportantA service startup failure may occur when you run the restart or reload command. If a service startup failure occurs, go to the cloud server to troubleshoot the issue.
If the web application of the cloud server is NGINX, the reload command for the NGINX configuration file is
nginx -s reload
.In the Tip message, click OK.
References
For more information about how to deploy a certificate to a web application of an ECS instance, see Install a certificate on a server.