Skip to main content

SSL/TLS Certificates

SSL/TLS Certificates is a managed certificate inventory for your organization: issue free managed certificates (Let's Encrypt), upload your own, and reuse them across every VNETWORK service. Managed certificates auto-renew — nothing expires unnoticed — and every action is recorded in an audit trail.

Beta

This service is in beta. Features and limits may change; expect the occasional rough edge.

Activate

Open Services → Security → SSL/TLS Certificates. The inventory is scoped to your organization; once activated it opens on the certificate list.

SSL Certificates — add a certificate

Add a certificate

Issue free SSL (Let's Encrypt)

Enter one or more domains (space- or comma-separated) and click Issue free SSL. A leading *. issues a wildcard (validated over DNS-01). For domains VNETWORK already controls, issuance is automatic; for external domains you add a one-time DNS record (below).

Upload your own

Upload certificate reveals fields to paste your existing PEM material — the certificate (leaf, optionally with chain), an optional certificate chain, and the private key (which must match the certificate).

Upload a certificate

Finish issuing an external domain (DNS delegation)

When you request a certificate for a domain VNETWORK doesn't host, it appears as awaiting DNS with a delegation panel: add the one-time CNAME it shows at your domain's DNS, then I've added it — check now. VNETWORK validates and issues automatically, and renews forever with no further action. (The page also re-checks on its own.)

DNS delegation — one-time CNAME

Inventory

The Inventory lists every certificate for your organization — Domains, Status, Source, Expires (with an Expiring soon / Expired badge) and revision count. Search by domain and filter by status.

Certificate inventory

ColumnNotes
StatusActive · Awaiting DNS · Issuing · Pending · Failed · Revoked.
SourceLet's Encrypt (managed, auto-renewing), Uploaded (your own PEM), or shared_wildcard (a platform wildcard).
ExpiresIssue date's expiry; managed certs renew automatically ~30 days out.

Filter by status

Certificate actions

Each row exposes actions depending on the certificate's state:

  • Download — for active, reusable certificates: a menu to download the full chain, private key, certificate only or chain only as PEM. The private key is secret — store it securely.

    Download menu

  • Recheck DNS — for an awaiting DNS certificate, re-validate the delegation now.

  • Renew — for managed (Let's Encrypt) certificates. Manual renewal is gated to the last ~30 days before expiry (they auto-renew anyway); the button explains when it's blocked.

  • Revoke — stops renewal and invalidates the certificate.

Revoking cannot be undone

Revoke permanently stops renewal for that certificate and can't be undone. Only revoke a certificate you're sure is no longer in use — services still relying on it will break.

Revoke confirmation

Activity

The Activity feed is an organization-wide audit trail — who did what, when: issued, uploaded, renewed, re-checked, downloaded and revoked. Filter by action, and click a row to expand the full detail (actor, client IP, user agent, resource and the change payload).

Activity feed with an expanded entry

tip

Prefer Issue free SSL for anything VNETWORK can validate — managed certificates renew themselves, so you never chase an expiry. Reach for Upload only when you must use a certificate from a specific CA. A certificate here can be reused across Multi-CDN, WAAP and other services.