January 24, 2019

Origin Server Certificates

  Technical Reference, TLS, Zone Management

     

A certificate for your origin server(s) can be obtained using Let's Encrypt.

If the domain of the server points directly to the server, you can obtain a certificate using Let's Encrypt normally. This may be the case if you assign a hostname to each server. For example, the domains example.com and www.example.com might point to NuevoCloud while server1.example.com points to your server.

Alternatively, if your domain points to NuevoCloud and your server expects the same hostname, NuevoCloud will forward Let's Encrypt HTTP challenges to your origin server. In the NuevoCloud settings for the server, the hostname must be set to the same hostname requested through Let's Encrypt. You must also use the HTTP-01 challenge type when requesting the certificate. If you're using certbot, this can be specified using the --preferred-challenges option:

certbot --preferred-challenges http -d example.com

If your zone has multiple origin servers that use the same domain name, NuevoCloud will forward the challenge to each server. The first server to respond with a valid challenge response will be used to satisfy the Let's Encrypt challenge.

Once you have obtained a valid certificate for your origin server, we strongly recommend enabling the Verify Certificate option in the NuevoCloud origin server settings.
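
Before enabling Verify Certificate, it is worth confirming that the certificate the origin serves covers the hostname configured in NuevoCloud and is not close to expiry. The script below is an added example, not NuevoCloud tooling; the function names, the 14-day threshold, the sample address 203.0.113.10, and the premise that verification expects a trusted chain, a matching hostname and an unexpired certificate are assumptions.

```shell
#!/bin/sh
# Added example: pre-flight checks to run before enabling Verify Certificate.
# Function names, the 14-day default and the sample address are assumptions.

# check_cert_file PEM HOSTNAME [MIN_DAYS]
# Offline check of a certificate file (e.g. certbot's cert.pem): it must cover
# HOSTNAME and stay valid for at least MIN_DAYS more days. Returns 0 if both hold.
check_cert_file() {
    ccf_pem=$1; ccf_host=$2; ccf_days=${3:-14}; ccf_rc=0
    if ! openssl x509 -in "$ccf_pem" -noout -checkhost "$ccf_host" \
            | grep -q 'does match'; then
        echo "FAIL: certificate does not cover $ccf_host" >&2
        ccf_rc=1
    fi
    if ! openssl x509 -in "$ccf_pem" -noout \
            -checkend $((ccf_days * 86400)) >/dev/null; then
        echo "FAIL: certificate expires within $ccf_days days" >&2
        ccf_rc=1
    fi
    return $ccf_rc
}

# check_origin_live ORIGIN_IP HOSTNAME
# Connects to the origin directly (DNS for HOSTNAME points at NuevoCloud, so the
# IP is given explicitly), sends HOSTNAME as SNI, and fails the handshake unless
# the chain is trusted by the local CA store and the hostname matches.
check_origin_live() {
    openssl s_client -connect "$1:443" -servername "$2" \
        -verify_hostname "$2" -verify_return_error </dev/null >/dev/null 2>&1
}

# Usage (constructed values):
#   check_cert_file /etc/letsencrypt/live/example.com/cert.pem example.com
#   check_origin_live 203.0.113.10 example.com
```

If either function returns non-zero, fix the certificate or the hostname setting first, since an origin that fails verification would be rejected once the option is on.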