Quickly Enabling HTTPS Access with EdgeOne Free Certificate
This document introduces how to use the free certificate service provided by EdgeOne, to help your website quickly achieve HTTPS access and reduce the workload of subsequent certificate updates and maintenance.
Background
HTTPS access has become a mainstream demand on the Internet. It can ensure secure data transmission for you to access websites, preventing such problems as information leakage and message hijacking. Additionally, in search engines, websites not enabling HTTPS are identified by the browser as unsecure websites and their search weights are also affected. Therefore, it is essential for websites to enable HTTPS access.
To achieve HTTPS access, you should find an appropriate free certificate authority (CA) to apply for a free certificate or purchase a more credible paid certificate. The following challenges exist:
1. Complex application process: Certificate application needs to be completed separately for each domain name and requires DNS validation or HTTP validation based on the CA's requirements. If there are a large number of domain names, DNS entries must be added for each domain name one by one to complete validation. The workload is relatively high.
2. High deployment and maintenance costs: After the certificate application is completed, you should deploy the certificate yourself on the server. If there are many certificates, you should deploy and maintain a correct certificate for each domain name to avoid HTTPS access errors. The update and maintenance workload is high.
3. Prone to expiration: Certificates must be renewed before expiration, otherwise HTTPS access alarms will occur. Especially for free certificates, the current validity period is 3 months generally, so frequent renewals are required.
4. High costs of paid certificates: Although the number of paid certificates can be reduced by applying for a wildcard domain name certificate and auto-renewal is supported, paid certificates are unsuitable for small websites or businesses with many domain names due to high costs.
Solution Strengths
The free certificate service provided by EdgeOne simplifies the implementation of HTTPS access, eliminating the cumbersome process of manual application, deployment, and maintenance of certificates. You can enable HTTPS for your websites with simple operations and enjoy auto-renewal and additional access acceleration and security protection services. Compared to purchasing paid SSL certificates or applying for free certificates from other authorities, it has the following advantages:
1. Simple application: You only need to click Apply for Free Certificate in the console, and EdgeOne will automatically complete the subsequent certificate application and validation process.
2. Easy deployment: Once the certificate application is completed, the certificate will be automatically issued and deployed, without the need to manually download and deploy the certificate.
3. Auto-renewal: The free certificate can be automatically renewed, without the need for manual maintenance, so as to avoid failure of HTTPS access to websites due to certificate expiration.
4. Additional services: After accessing EdgeOne, your site not only enables HTTPS access, but also obtains access acceleration and security protection capabilities, further enhancing the website access experience.
Certificate Type | EdgeOne Free Certificate | Paid SSL Certificate | Free Certificate Applied For by Yourself |
Fees | Free | Requires additional payment. | Free |
Application method | Automatic application and validation | Requires DNS validation or HTTP validation during the application. | Requires DNS validation or HTTP validation during the application. |
Deployment mode | Automatic deployment | Supports quick deployment within the same cloud resource and requires manual deployment for other resources. | Requires manual deployment. |
Update method | Automatic update | SSL certificates purchased from Tencent Cloud can be automatically renewed/updated after hosting. Certificates from other sources require manual updates. | Method 1: Apply for a free certificate to manually update it before expiration. Method 2: Maintain a code script to achieve automatic application/update of free certificates. |
Issuance speed | Issued immediately after validation. | 1 business day or above, depending on the certificate type. | Issued immediately after validation. |
Certificate credibility | General | High | General |
Note:
The current free certificate provided by EdgeOne is issued by Let‘s Encrypt. It is valid for 90 days and will be automatically renewed before expiration.
During application for a free certificate within EdgeOne, if your site uses CNAME access, you should complete the CNAME configuration for your domain name and wait for the CNAME status to take effect. If your site uses NS access, you should complete modifying DNS servers and wait for the resolution to take effect. Then you can apply for a free certificate.
Sample Scenario
For example, the current website plans to use the services of 5 domain names including
example.com
, www.example.com
, api.example.com
, image.example.com
, and video.example.com
, all of which require enabling HTTPS access. Below is a comparison of the differences in the HTTPS access implementation paths between accessing and not accessing EdgeOne.Not Accessing EdgeOne
When EdgeOne is not accessed, for implementing HTTPS access to websites, you should register a domain name, deploy the origin server services, and then choose a suitable CA to apply for the specified certificate. If there are multiple domain names, you should apply for a separate certificate for each domain name, or directly purchase a wildcard domain name certificate, and then deploy the certificate and enable the HTTPS service on each origin server separately, so as to achieve HTTPS access.
Before the certificate expires, you should renew it by applying for a new certificate from the CA in advance, and then update and redeploy it on the server. If there are a large number of domain names, HTTPS access errors may occur due to untimely certificate updates. Therefore, more maintenance work is required for HTTPS certificates.
Accessing EdgeOne for Free Certificates
After domain name access to EdgeOne, you can apply for a free certificate through EdgeOne, to automatically complete certificate application, issuance, and deployment and quickly achieve HTTPS access. Your origin server does not need to deploy an HTTPS certificate, and HTTP access can still be used for origin-pull.
Before the certificate expires, EdgeOne will automatically renew the certificate and deploy it to EdgeOne, saving you a lot of maintenance work.
Directions
1. Refer to Quick Start to complete site access and domain name access.
2. After domain name access, if your site uses CNAME access, you should complete CNAME configuration for your domain name and wait for the CNAME status to take effect; if your site uses NS access, you should complete modifying DNS servers and wait for the resolution to take effect. Then proceed to the next step.
3. In Domain Name Management, select
example.com
and click Edit in the HTTPS Configuration column. In the pop-up window for HTTPS certificate configuration, select Free certificate and then click OK.
4. After the application is completed, issue and deploy the free certificate.
5. After deployment is completed, visit the current site again to achieve HTTPS access.
6. Repeat steps 2-4 for the domain names
www.example.com
, api.example.com
, image.example.com
, and video.example.com
to apply for a free certificate in a similar manner.