Contact UsTry it for free
© 2026 Direct Cursus Technology L.L.C.

Getting started with Certificate Manager

Written by
Improved by
Updated at January 20, 2026

By following this guide, you will add your first Let's Encrypt certificate to Certificate Manager and use it to set up HTTPS access to a static website hosted in Yandex Object Storage.

Getting started

To get started with Certificate Manager, you need:

  1. Folder in Yandex Cloud. If there is no folder yet, create one:

    1. In the management console, in the top panel, click and select the cloud.

    2. To the right of the cloud name, click .

    3. Select Create folder .

      create-folder1

    4. Give your folder a name. The naming requirements are as follows:

      • It must be from 2 to 63 characters long.
      • It can only contain lowercase Latin letters, numbers, and hyphens.
      • It must start with a letter and cannot end with a hyphen.

    5. Optionally, specify the description for your folder.

    6. Select Create a default network. This will create a network with subnets in each availability zone. Within this network, you will also have a default security group, within which all network traffic will be allowed.

    7. Click Create.

      create-folder2

  2. Third-level (or higher) domain that the Let's Encrypt certificate is issued for.

    Note

    To pass the domain rights check, you must have the management access to the domain.

  3. Public bucket in Object Storage with exactly the same name as the domain. If you do not have a bucket yet, create one:

    1. In the management console, select the folder where you want to create a bucket.
    2. Go to Object Storage.
    3. Click Create bucket.
    4. Enter exactly the same name for the bucket as the domain name.
    5. Select the For all access type.
    6. Select the default storage class.
    7. Click Create bucket to complete the operation.

  4. Set up hosting in your bucket:

    1. In the management console, select the folder with the bucket.
    2. Go to Object Storage.
    3. On the Buckets tab, click the bucket with the same name as the domain.
    4. In the left-hand panel, select Settings.
    5. Open the Website tab.
    6. Select Hosting and specify the website's homepage.
    7. Click Save to complete the operation.

  5. Set up an alias for the bucket through your DNS provider or on your own DNS server.

    For instance, for the www.example.com domain, add the following record:

    www.example.com CNAME www.example.com.website.yandexcloud.net

Creating a request for a Let's Encrypt certificate

  1. Navigate to the management console.
  2. Go to Certificate Manager.
  3. Click Add certificate.
  4. In the menu that opens, select Let's Encrypt certificate.
  5. In the window that opens, enter a name for the certificate.
  6. (Optional) Add a description for the certificate.
  7. In the Domains field, specify the domains you want to issue the certificate for.
  8. Select the domain rights check type for HTTP.
  9. Click Create.

Passing the domain rights check

Creating a file for the check

  1. Navigate to the management console.
  2. Go to Certificate Manager.
  3. Select a certificate with the Validating status in the list and click it.
  4. Under Check rights for domains:
    1. Copy the URL from the Link for hosting file field:
      • The http://example.com/.well-known/acme-challenge/ part of the link is the file path.
      • The second part, rG1Mm1bJ..., is the file name you should use.
    2. Copy the Contents field to the file.

Uploading the file and performing the check

  1. Navigate to the management console.

  2. Go to Object Storage.

  3. On the Buckets tab, click the bucket with the same name as the domain.

  4. At the top right, click Create folder and create a directory named .well-known.

  5. Under .well-known, create the acme-challenge directory.

  6. In acme-challenge, click Upload.

  7. In the window that opens, select the file with a record and click Open.

  8. Click Upload.

  9. Wait until the certificate's status changes to Issued.

    For more information on the status, see the certificate page. To do this, click Viewing logs next to Validation.

  10. Go to the acme-challenge directory.

  11. Click to the right of the file and select Delete.

  12. Confirm the deletion.

  1. Install and configure the AWS CLI by following this tutorial.

  2. Upload your file to the bucket so that it resides in the .well-known/acme-challenge subdirectory:

    aws --endpoint-url=https://storage.yandexcloud.net \
  s3 cp <file_name> s3://<bucket_name>/.well-known/acme-challenge/<file_name>

  3. Wait until the certificate's status changes to Issued.

  4. Delete the file you created from the bucket:

    aws --endpoint-url=https://storage.yandexcloud.net \
   s3 rm s3://<bucket_name>/.well-known/acme-challenge/<file_name>

Warning

To renew a certificate, you have to perform certain actions. Keep track of the lifecycle of your certificates to renew them on time. For more information, see Renew a certificate.

Setting up static website access over HTTPS

  1. Navigate to the management console.
  2. Go to Object Storage.
  3. On the Buckets tab, click the bucket with the same name as the domain.
  4. In the left-hand panel, select Security.
  5. Navigate to the HTTPS tab.
  6. Click Configure at the top right.
  7. In the Source field, select Certificate Manager.
  8. In the Certificate field, select the certificate from the list that opens.
  9. Click Save.

See also

Next
All guides