Certificate Management Service:Deploy a certificate to a cloud server

Limits

• You can deploy only one certificate to a cloud server in each deployment task.

• You can deploy certificates to the following types of cloud servers in the Certificate Management Service console: simple application servers and Elastic Compute Service (ECS) instances.

Prerequisites

• A certificate is issued. For more information, see Purchase an SSL certificate and Apply for an SSL certificate.

• If you want to deploy uploaded certificates, make sure that a deployment quota is purchased. For more information, visit the deployment quota buy page.

  If you deploy paid certificates, the deployment quota is not consumed.

Procedure

1. Log on to the Certificate Management Service console.

2. In the left-side navigation pane, choose Deployment and Resource Management > Deployment to Cloud Servers.

3. On the Deployment to Cloud Servers page, click Create Task and perform the following steps:

   1. In the Select Certificate step, select the certificate that you want to deploy and click Next.

      You can deploy one certificate to a cloud server in each deployment task. If you want to deploy multiple certificates, create multiple deployment tasks.

      Parameter	Description
      Task Name	The name of the deployment task.
      Certificate Type	The type of the certificate that you want to deploy. Valid values: Paid Certificate and Upload Certificate. If you deploy an uploaded certificate, the deployment quota is consumed.

   2. In the Select Resource step, select the cloud server to which you want to deploy a certificate, and click Next.

      

      • The system automatically identifies and displays all cloud servers that host web applications within the current Alibaba Cloud account. If the cloud server to which you want to deploy a certificate is not displayed, click Synchronize Cloud Resources in the upper-right corner of the cloud server list. If the required cloud server is still not displayed, check whether a web application such as NGINX or Tomcat is deployed on the cloud server.

      • If a certificate is deployed on a cloud server before you create the task, the system displays the name of the certificate.

   3. In the Task Deployment step, deploy the certificate to the cloud server based on the following table and click OK.

      Important

      If no configuration path to the certificate exists on the cloud server, the system automatically creates a configuration path for the certificate. The path configured in the console must be consistent with the path to the certificate-related file configured in the web application of the cloud server.

      Parameter	Description	Example
      Certificate Path	The absolute path to the certificate on the cloud server.	Example for Linux: /ssl/cert.pem. Example for Windows: c:\ssl\cert.pem.
      Private Key Path	The absolute path to the private key file of the certificate on the cloud server.	Example for Linux: /ssl/cert.key. Example for Windows: c:\ssl\cert.key.
      Certificate Chain Path	The absolute path to the certificate chain file on the cloud server.	Example for Linux: /ssl/cert.cer. Example for Windows: c:\ssl\cert.cer.
      Reload Command	After the certificate is deployed, you must restart the web application on the cloud server or reload the application configuration file for the certificate to take effect. Therefore, you must specify a restart or reload command for the web application. Important A service startup failure may occur when you run the restart or reload command. If a service startup failure occurs, go to the cloud server to troubleshoot the issue.	If the web application of the cloud server is NGINX, the reload command for the NGINX configuration file is nginx -s reload.

   4. In the Tip message, click OK.

      

References

For more information about how to deploy a certificate to a web application of an ECS instance, see Install a certificate on a server.