Auto-deployment of SSL certificates
Foreword
This article explains the use of auto-deployment for SSL certificates in more detail. With auto-deployment, SSL certificates can be automatically deployed to the target servers when they are issued or renewed. For supported services, the respective service is then restarted automatically.
Prerequisites
- SSL certificate in the customer center
- Server with supported service
Currently supported services for the auto-deployment of SSL certificates
- Plesk
- NGINX
- HaProxy
Set up auto-deployment of SSL certificates
To set up auto-deployment, navigate to Certificates in our Customer Center at account.creoline.com → SSL certificate for which you would like to set up auto-deployment → Auto-Deployment.
You can then set up an auto-deployment of the desired certificate using the + Auto-Deployment button.
Setting up auto-deployments
NGINX
If you are operating a server with NGINX, you can select NGINX under Type and receive the information required to set up the auto-deployment.
| Name | Freely definable name for the auto-deployment |
|---|---|
| Type | The service for which the auto-deployment is to be set up |
| Target server | The target server on which the SSL certificate is to be automatically installed |
| Path to the private key file | Path to the private key (.key), to be located under the prefilled path by default |
| Path to certificate file | Path to certificate file (.crt), to be located under the prefilled path by default |
| Description | Freely definable description for auto-deployment |
The paths for the private key file and certificate file are already prefilled depending on the selected type. If a different path is to be used, you can of course enter your own path here.
Plesk
If the SSL certificate is to be installed on a Plesk server, different information to the NGINX type is required.
| Name | Freely definable name for the auto-deployment |
|---|---|
| Type | The service for which the auto-deployment is to be set up |
| Target server | The target server on which the SSL certificate is to be installed automatically |
| Subscription | The subscription in the Plesk Control Panel under which the SSL certificate should be installed |
| Protect webmail | If webmail is to be protected, the SSL certificate is also used for webmail.* |
| Protect emails | Not currently available |
| Description | Freely definable description for auto-deployment |
HaProxy
| Name | Freely definable name for the auto-deployment |
|---|---|
| Type | The service for which the auto-deployment is to be set up |
| Target server | The target server on which the SSL certificate is to be installed automatically |
| PEM file path in the certificate pool | The path where the certificate is to be installed as a .pem file |
| Description | Freely definable description for the auto-deployment |
The paths for the private key file and certificate file are already prefilled depending on the selected type. If a different path is to be used, you can of course enter your own path here.
To be executed immediately
If the deployment is to be executed immediately, you can select the Execute immediately checkbox here so that the auto-deployment is executed after clicking on the button. Alternatively, you can save the auto-deployment and run it at a desired time.
Advantages of SSL Auto-Deployment
No more SSL installation service required for the pre-selectable services
If you have used our SSL installation service for the installation of SSL certificates for e.g. Plesk Server, this is no longer absolutely necessary. The installation can be carried out directly with our auto-deployment.
Quick and easy renewal and subsequent installation of the new certificate
The process of renewing SSL certificates on the server has been simplified so that auto-deployment can be triggered after renewal to install the SSL certificate on the server in the shortest possible time.
Auto-deployment of Lets Encrypt certificates on load balancers
With the introduction of this feature, we will also be able to support Lets Encrypt certificates on load balancers (HaProxy) in the future. The short duration of 90 days for Lets Encrypt certificates can be easily bypassed by our automatic installation.