All Products
Search

This Product

    Server Load Balancer:Replace a certificate

    Document Center

    Server Load Balancer:Replace a certificate

    Last Updated:Feb 05, 2025

    This topic describes how to replace a certificate. We recommend that you replace certificates before they expire to avoid impacts on your service. This topic describes two methods that you can use to replace certificates.

    Method 1: replace listener certificates

    1. Log on to the CLB console.

    2. On the Instances page, click the ID of the Classic Load Balancer (CLB) instance whose certificate you want to replace and click the Listener tab.

    3. Click Manage Certificate in the Actions column of the HTTPS listener whose certificate you want to replace.

    4. In the Manage Certificate panel, select a server certificate from the Server Certificate (Default Certificate) drop-down list.

      You can also select Create Server Certificate or Purchase Certificate. For more information about how to configure a server certificate, see Create a certificate.

    5. Click Edit next to Advanced Settings, configure mutual authentication, select a TLS security policy, then click OK. For more information, see Add an HTTPS listener.

    6. When the new certificate is in effect, choose CLB > Certificates in the left-side navigation pane, and on the Certificates page, find the expired certificate and click Delete in the Actions column.

    7. In the message that appears, click Delete.

      Note

      If the certificate is associated with another listener, the certificate cannot be deleted.

    Method 2: replace a certificate on the Certificates page

    After you replace a certificate on the Certificates page, all listeners and additional domain names associated with the certificate automatically use the new certificate.

    Note

    Only certificates that are associated with at least one listener or additional domain name can be replaced.

    1. Log on to the CLB console.

    2. In the left-side navigation pane, choose CLB > Certificates.

    3. On the Certificates page, find the certificate that you want to replace and click Change Certificates in the Actions column.

    4. On the Replace Server Certificate page, replace the certificate.

      • Select Create and Replace Certificate.

        • Select Alibaba Cloud Certificates, configure the Region and Resource Group parameters, and then select a new certificate from the Certificates drop-down list.

        • Select Third-party Certificates. For more information, see Upload a third-party certificate.

      • Select Replace with Existing Certificate, and select a server certificate from the New Server Certificate drop-down list.

    5. Click Change Certificates.

    6. Click Go to Certificate List. On the Certificates page, you can view the new certificate.