All Products
Search
Document Center

Server Load Balancer:Replace a certificate

Last Updated:Nov 14, 2024

This topic describes how to replace a certificate. We recommend that you replace certificates before they expire to avoid impacts on your service. This topic describes two methods that you can use to replace certificates.

Replace listener certificates

Procedure

  1. Log on to the CLB console.
  2. On the Instances page, click the ID of the Classic Load Balancer (CLB) instance whose certificate you want to replace and click the Listener tab.

  3. Click Manage Certificate in the Operations column of the HTTPS listener whose certificate you want to replace.

  4. In the Manage Certificate panel, select a server certificate from the Server Certificate (Default Certificate) drop-down list.

    You can also select Create Server Certificate or Purchase Certificate. For more information about how to configure a server certificate, see Overview.

  5. Click Edit next to Advanced Settings, configure mutual authentication, select a TLS security policy, and then click OK. For more information, see Add an HTTPS listener.

  6. In the left-side navigation pane, choose CLB > Certificates. On the Certificates page, find the expired certificate and click Delete in the Actions column.

  7. In the message that appears, click OK.

    Note

    If the certificate is associated with another listener, the certificate cannot be deleted.

Replace a certificate on the Certificates page

After you replace a certificate on the Certificates page, all listeners and additional domain names associated with the certificate automatically use the new certificate.

Procedure

  1. Log on to the CLB console.
  2. In the left-side navigation pane, choose CLB > Certificates.

  3. On the Certificates page, find the certificate that you want to replace and click Change Certificates in the Operations column.

    Note

    Only certificates that are associated with at least one listener or additional domain name can be replaced.

  4. On the Replace Server Certificate page, replace the certificate.

    • Select Create and Replace Certificate.

      • Select Alibaba Cloud Certificates, configure the Region and Resource Group parameters, and then select a new certificate from the Certificates drop-down list.

      • Select Third-party Certificates. For more information, see Upload a third-party certificate.

    • Select Replace with Existing Certificate, and select a server certificate from the New Server Certificate drop-down list.

  5. Click Change Certificates.

  6. Click Go to Certificate List. On the Certificates page, you can view the new certificate.