Managed SSL Certificates

If you do not own an SSL certificate for your domain, you can use a managed certificate: the EDJX platform auto-generates the SSL certificate for your domain and manages its expiration and renewal.

The following are the key features of managed domain certificates:

  • The Certificate Authority for managed SSL certificates is Let’s Encrypt.

  • For a Full domain, ensure that NS records exist with your DNS provider.

  • For a CNAME domain, ensure that a CNAME record AND a TXT record exist with your DNS provider.

  • Only one managed certificate can exist for a domain. You can add another managed certificate only after deleting the existing one.

  • A managed certificate and custom certificates can coexist for a domain. You can have multiple custom certificates but only a single managed certificate for your domain.

  • A managed certificate expires in 90 days. It is auto-renewed by the EDJX platform 3 days before its expiry.

  • A managed certificate is flagged with an Active status on successful generation. See the Status Tags for Managed Certificate section for a description of each status.

Status Tags for Managed Certificate

A managed certificate can have one of the following statuses, depending on its current state:

  • Active: Default state on successful certificate generation. This indicates that the certificate is live.

  • Active and Renewing: The current certificate is live but will expire soon. It is also simultaneously being auto-renewed. Wait for the renewal process to complete. On successful renewal, the status changes to Active.

  • Expired and Renewing: The current certificate is expired and auto-renewal is in progress. Wait for the renewal process to complete. On successful renewal, the status changes to Active.

  • Active and Renewal Failed: The current certificate is live but auto-renewal has failed. To restart the renewal process, see Verify a Managed Certificate.

  • Expired and Renewal Failed: The current certificate is expired and renewal has failed. To restart the renewal process, see Verify a Managed Certificate.

  • Inactive and Generating: The certificate generation is in progress and currently, a managed certificate does not exist for the domain. Wait for the generation process to complete. On successful generation, the status changes to Active.

  • Inactive and Generation Failed: The certificate generation has failed and currently, a managed certificate does not exist for the domain. To restart the generation process, see Verify a Managed Certificate.

Generate a Managed Certificate

Before generating a managed certificate:

  • For a Full domain:

    • Add NS records for your domain with your DNS provider using the values provided by EDJX to verify EDJX as the authoritative server of your domain.

    • If there is any DNS record with the Name "_acme-challenge" with your DNS provider, then ensure that its Type is CNAME and Target is in the format <domain-id>.acme-verification.edjx.net. If there is any mismatch of Type or Target, you need to confirm if you wish to overwrite all DNS records with the name "_acme-challenge".

  • For a CNAME domain:

    • Add a CNAME record and a TXT record with your DNS provider using the values provided by EDJX.

    • Verify your CNAME Domain, if not yet verified.

You will receive an error if you do not create the required records with your DNS provider. Follow the instructions in the error message to resolve the error and proceed.
Expect some wait time because of DNS propagation delay.
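
The "_acme-challenge" rule for a Full domain can be checked before you request the certificate. The following is an added example, not EDJX code: it classifies answer lines in `dig +noall +answer` layout. The function name, the constructed sample records, the placeholder domain id "d-0000", and the assumption that <domain-id> is a single DNS label are not from this page.

```shell
#!/bin/sh
# Added example (not EDJX code). Classifies the records found at
# _acme-challenge.<domain> against the rule for a Full domain:
# Type must be CNAME and Target must be <domain-id>.acme-verification.edjx.net.
# Assumption: <domain-id> is a single DNS label (letters, digits, hyphens).

# $1 = domain, $2 = answer lines in "dig +noall +answer" layout
#      (owner TTL class type rdata). Prints: ok | absent | mismatch: ...
# Returns non-zero only on a mismatch.
check_acme_challenge() {
    printf '%s\n' "$2" | awk -v owner="_acme-challenge.$1." '
        tolower($1) != tolower(owner) { next }   # skip records at other names
        { seen = 1 }
        $4 != "CNAME" { bad = bad " type=" $4; next }
        tolower($5) !~ /^[a-z0-9-]+\.acme-verification\.edjx\.net\.$/ {
            bad = bad " target=" $5; next
        }
        END {
            if (!seen) { print "absent"; exit 0 }
            if (bad != "") { print "mismatch:" bad; exit 1 }
            print "ok"
        }'
}

# Constructed sample answers; "d-0000" is a placeholder domain id.
GOOD='_acme-challenge.example.com. 300 IN CNAME d-0000.acme-verification.edjx.net.'
STALE_TXT='_acme-challenge.example.com. 300 IN TXT "constructed-token"'
WRONG_TARGET='_acme-challenge.example.com. 300 IN CNAME validation.other-provider.example.'

for sample in "$GOOD" "$STALE_TXT" "$WRONG_TARGET" ""; do
    check_acme_challenge example.com "$sample" || :
done

# Live use (needs network and dig):
#   check_acme_challenge example.com \
#       "$(dig +noall +answer _acme-challenge.example.com TXT)"
```

A "mismatch" result identifies the records that would be overwritten if you confirm the overwrite prompt, so review them before proceeding.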

You can use the following Google services while adding your records:

To generate a managed certificate for your domain:

  1. Switch to the organization associated with the domain.

  2. Click Main Menu > Domains.
    The Domains page displays.

  3. Click the domain row to add a certificate or hover over the row, and then click the Edit icon.

  4. Click the SSL/TLS tab.

  5. Select the Add Managed Certificate option from the Add Certificate drop-down.

  6. If there are no errors and all the required records are added with your DNS provider, a managed certificate named "EDJX Managed" is generated and added to the list of certificates on the SSL/TLS tab.

Verify a Managed Certificate

If the generation or renewal of a managed certificate fails, you can restart the process by verifying the certificate.

To verify a managed certificate:

  1. Switch to the organization associated with the domain.

  2. Click Main Menu > Domains.
    The Domains page displays.

  3. Click the domain row that contains the certificate or hover over the row, and then click the Edit icon.

  4. Click the SSL/TLS tab.
    The managed certificate in its current state displays. In this example, the certificate generation has failed with the status Expired, Renewal Failed.

  5. Click the certificate row or hover over the row, and click the Edit icon.

  6. On the EDJX Managed Certificate fly-in window, resolve the listed verification errors and click Verify.

    You may receive different verification errors based on different criteria such as domain type or certificate status.

    The Verify Certificate confirmation dialog displays.

  7. Click Verify to confirm and wait for the renewal process to complete.

Edit a Managed Certificate

You can edit only the name of a managed certificate. By default, each managed certificate generates as "EDJX Managed".

To edit a managed certificate:

  1. Switch to the organization associated with the domain.

  2. Click Main Menu > Domains.
    The Domains page displays.

  3. Click the domain row that contains the certificate or hover over the row, and then click the Edit icon.

  4. Click the SSL/TLS tab.
    The managed certificate for the domain displays.

  5. Click the certificate row or hover over the row, and then click the Edit icon.
    The EDJX Managed Certificate fly-in window displays.

  6. Update as needed, and then click Save.

Delete a Managed Certificate

To delete a managed certificate:

  1. Switch to the organization associated with the domain.

  2. Click Main Menu > Domains.
    The Domains page displays.

  3. Click the domain row that contains the certificate that you want to delete or hover over the row, and then click the Edit icon.

  4. Click the SSL/TLS tab.
    The managed certificate for the domain displays.

  5. Click the row of the certificate or hover over the row, and then click Delete.

  6. On the Delete Certificate confirmation dialog, click Delete.