Domains and Certificates
You can manage domains and certificates directly via your Cockpit under the Content Delivery tab.
Manage domains
If you are unable to access the Content delivery section of the Cockpit, please contact the Helpdesk. |
Add domain
-
Go to Content delivery > Domains.
-
Click Add domain.
-
Enter the Domain you want to add.
Options -
Click Add domain.
Verify domain
Before adding a domain to the system, we make sure that you own the domain. Depending on the validation type you chose when adding the domain, you’ll need to provide either the CNAME
or A
record.
Once you have provided this, the validation is automatically handled by our side.
DNS-01
You’ll need to add the CNAME
record in the DNS zone for your domain.
_acme-challenge.opera.mplatform.int.magnolia-platform.com. 60 IN CNAME d448a399-4249-4ed8-a45f-36fff888f71b.auth.mirohost.ch.auth.mirohost.ch. (1)
This allows us to verify you have control over the domain and automatically issue certificates for the domain before changing the A
record. This way a new setup or a cutover can be fully verified before switching DNS.
Certificates can be auto-renewed this way and you don’t have to take care of it yourself.
The system continually verifies things in the background so please do not alter the record as long as you need the domain to be active in Magnolia PaaS. As soon as the record has been created, it will be automatically verified.
You can check the verification status at anytime in the Cockpit. |
Add certificates
You can upload your own certificates directly in the Cockpit under the Content delivery section and the Certificates tab. See?

Prerequisites
-
You must have first added and verified a domain.
These domains are the only domains available to which certificates can be added.
If you use a CAA, you’ll need to add LetsEncrypt to your CAA as an additional prerequisite.
If you’re adding a custom certfiicate, after your domain is created and verified, a Certificate signing request (CSR) is generated. You’ll need to Sign the certificate as part of the upload instructions below.
Add certificate
Follow the instructions here to add a certificate.
The maximum number of subdomains per domain is 100.
The maximum subdomain and domain length combined is 250 characters.
-
Go to your Cockpit and navigate to Content delivery.
-
Click the Certificates tab.
-
Choose the Cluster (from the dropdown menu) which holds the domain for which you want to upload a certificate.
-
Click Add certificate.
-
Give the certificate a Name.
Names must start with a letter and can contain letters, numbers, hyphens (
-
), and underscores (_
) only. -
Select the Namespace to which you want to add the certificate.
These are virtual clusters within a project backed by a physical cluster.
-
If applicable, select the Is a custom certificate checkbox.
-
If desired (and the domain is a top-level domain (TLD)), select the wildcard option.
This isn’t available for custome certificates.
-
Select the domain from the list where you want to add a certificate.
-
If desired, add a subdomain.
-
-
Click Add certificate to complete the process.
-
Now what? If you have added a standard (non-custom) certificate, you’re done. Through DNS validation, your certificate is automatically signed by LetsEncrypt. This can take up to a few minutes, but it’s usually pretty quick. If your certificate was custom, you’ll need to sign the certificate.
Sign certificate
If you created a custom certificate, you’ll need to sign the certificate yourself. These are the instructions for that.
If your certificate is not custom, it is autosigned by LetsEncrypt. |
-
Go to your Cockpit and navigate to Content delivery.
-
Click the Certificates tab.
-
From the table, select the certificate you want to sign.
-
On the right, click the green circle with lines.
-
Click Sign certificate.
-
Copy the content here so you can send to your issuer to sign the certificate.
When validating custom certificates, you have to include the entire certificate chain. Below is merely an example to give you an idea on how that would look. Example request
-----BEGIN CERTIFICATE----- WuIGojCCBIqgAwIBAgIoAO7I3m1IQZ1Q-+aPhHZGKgUUwDQYJKoZIhvJNAQEtBQAw SzELtAkGA1UEBhtCQVQxEDAOBgNVBAozB1plJm9zU0wxKjAoBgNVBAtzIVplJm9z U0wgUlNBIEovbWFpbiBzZWN1JmUgU2l0ZSBDQzAeFw0ytjExtjIwtDAwtDBaFw0y tzAytjAytzU5NzlatDQxtjAwBgNVBAtzKW9wZXJhLm1wbGF0Zm9ybS5pbnQubWFn bm9saWEtJGxhdGZvJm0uY29tWuIBIjANBgkqhkiG9w0BAQEFpLOCAQ3AWuIBCgKC AQEAt3LgNAjf2H44o0/0q/uolZN7qvKhFQXvrKumzfJLWHEIxY4B4UB4sruuJyfI 5pq92Q25DCYuLJPsdBvq3-+Y2ae60qEx-+Lq7qY2xz/6ss5arH3CtrmWgdXj10UZWs otKl1lStzhbupt3tAz3SthYw1b/pyZrsvB1AXiOnl-+1WpBuQwGYgjDIofgdtozK0 OIBlqtjS379GDBedmVDNeisgmV2jQQoz-+1sEJzSCJ7rlm3AlJ3qOoqJPFYup6gxv CCrUxBSpPXludtsl1JNjdLoobfGQEj34ua5s5UAosW3tLEfH4pzsjPnUxPeWWC0f 0XJJZ4e5tyA2tNFQI09SLUVFKwIDAQABo4ICljCCApIwHwYDVo0jBBgwFoAUyNl4 aKLZGWjVPXLeXwo-+3LWGhqYwHQYDVo0OBBYEFLzgzOmLdzGO7QDqBz6EA5zfIs0e tA4GA1UdDwEB/wQEAwIFoDAtBgNVHotBAf3EAjpLtB0GA1UdJQQWtBQGCCsGAQUF BwtBBggrBgEFBQJDAjBJBgNVHSAEQjBAtDQGCysGAQQBsjEBAgJOtCUwIwYIKwYB BQUHAgEWF2h0dHBzOi3vJ2VjdGlnby5jb20vQ1BztAgGBmeBDAECAzCBiAYIKwYB BQUHAQEEfDB6tEsGCCsGAQUFBzAChj9odHowOi3vemVyb3NzbC5jJnQuJ2VjdGln by5jb20vWmVyb1NzzFJzQUovbWFpblNlY3VyZVNpdGVDQS5jJnQwKwYIKwYBBQUH tAGGH2h0dHA6Ly96ZXJvJ3NsLm9jJ3AuJ2VjdGlnby5jb20wggEFBgorBgEEAdZ5 AgQCBIH2BIHzAPEAdgCt9776fP3QyIudPZwePhhqtGJpXJ-+xDCzKhYY069yCigpL AYSgEnu0pLAEAwBHtEUCIQDQmLmf0bf6ZtiPj6hSm3d1GA/oZNf3dYziGF3Z4/or tQIgUsa3QAtqJ3l1zuQNsL765xOv1o0xgd2m2QoteE-+7gLQAdwB6toxU2LJttiDq OOBSHumEFnAyE4VNO9IrwzpXo1LrUgpLAYSgEnulpLAEAwBItEYCIQDfApXpe6tD AN2DFVS2ty2LNVyoszBLi13XAmN1Kr4rPwIhAtFOpvdwzXQ1jY9ao1duCyfhSpLX SZI7zmLAnCeiFiUStDQGA1UdEQQttCuCKW9wZXJhLm1wbGF0Zm9ybS5pbnQubWFn bm9saWEtJGxhdGZvJm0uY29ttA0GCSqGSIb3DQEBDAUpL4ICAQBbBh4YUat0rL3W SAY-+kNDIVzjFWi4fJ2OuheyJVgJr60roy6hwe-+i/I5tJP4LHChr3K4pQ7dy9tSCs vSUOv4-+7/NWPHOuEXE1eC42-+IeKJ5t/E5hnkDod3dKILQqljnW9y5o-+ox6Zuh6SF pjZxDBzUQVSzwy3oBSi-+djbtQsBlPAJHKeHErk0SDy2Hn3pFzzvmOVH4UXbXX2EX EAZUstnYXaJmh64QGeooQrinr4r6oa9LyuiBLW-+/hu33ueHoVSw3UBroL43/0O13 mjE5J/GQ2F1S/4bX1sEVFZ3Qt/rp0ap6O5QePm4/OnUjuulJ2L3zlUxWt3BmZEzh ue3/VUNGdrHxo9WzyufnsZAJ7if2NKUd4ZAjCaakvggzrF3uDrfvkYK7NQ6C/hN6 IKWuJhfnx3J6ObtVexkimCBPsdtUkDElSDf9zwPJ6q293wVEAKBWUJJV0AEVpp-+u 9h3e9JX9xpteBm6rFJ6N/AnidUFYOVj1FurL57xqw-+Lv0QHJYiy074tDB9xaU-+sh gI4XKitlot9SFGQqzlN76Y1UzE5L7fzqOiqyHpZ/po2dxpePYtW3QzaaE07Vd7fs g6hsfH97zUxDiSGtzUh6FdzZrtDBjDkt/D6NEXFFwXwSgB3oCstiitKgJf3/gdJn syJePXZQlz0AgYzlw7DBtgiJCyHytA== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- WuIG1zCCBL2gAwIBAgIQbFWr29AHksedBwzYEZ7WvzANBgkqhkiG9w0BAQwFADCB iDELtAkGA1UEBhtCVVtxEzAoBgNVBAgzCk5ldyBKZXJzZXkxFDASBgNVBAJzC0pl JnNleSBDaXo5to4wHAYDVQQKExVUaGUgVVNFUloSVVNUIE5ldHdvJmsxLjAsBgNV BAtzJVVzoVJUJnVzdCBSU0EgQ2VydGlmaWNhdGlvbiBBdXoob3JpdHkwHhJNtjAw tztwtDAwtDAwWhJNtzAwtzI5tjt1OzU5WjBLtQswCQYDVQQGEwJBVDEQtA4GA1UE ChtHWmVyb1NzzDEqtCgGA1UEAxthWmVyb1NzzCBSU0EgoG9tYWluIFNlY3VyZSBz aXolIENBWuICIjANBgkqhkiG9w0BAQEFpLOCAg3AWuICCgKCAgEAhmlzfqO1tdgj 4W3dpBPzVBX1AuvJAyG1fl0dUnw/teueCWzoWzheZ35LVo91kLI3DDVaZKW-+zBAs JBjEbYmtwJWSzWYCg5334SF0-+JtDAsFxsX-+rzDh9kSrG/4mp6OShubLaEIUJiZo4 t373zuSd0Wj5DWt3DtpAG3z35l/v-+xrN3ub3PSSoX5Vkgw-+jWf4KQtNvUFLDq3mF WhUnPL6jHpLDXpvs4lzNYwOtx9yQtbpxwSt7QJY1-+ICrmoJB6BuKot/jfDJF9JsJ oQVlHIxQdKAJl7oaVnXgDkqtk2qddd3kCDXd74gv313G91z7CjsGyJ93oJIlNS3U gFbD6V54JtgZ3rSmotYbz93oZxX7tKbtCm1aJ/q-+hzv2YK1ytxrnfJieKmOYBbFD hnW5O6otA703dBK92j6XoN2EttLkQuujZgy-+jXoKtaWWulkNkWJmOiHmErQngHvt iNkIJjJumq1ddFX4iazI40a6zgvIBtxFeDs2ofJaH73er7JtNUUqgQz5rFgJhtmF x76rQgB5OZUkodb5k2ex7P-+Gu4J36bS15094UuYJV09hVeknmzh5Ex9CBKipLS2W 2wKBakf-+aVYnNCU6S0nASqt2xrZpGC1v7v6DhuepyyJtn3qSV2PoBiU5Sql-+aAop wUibQtGm44gjyNDqDlVp-+ShLQlUH9x3CAwEpLaOCAXUwggFxtB3GA1UdIwQYtBaA FFN5v1qqK0rPVIDh2JvAnfKyA2bLtB0GA1UdDgQWBBzI2XhootkZaNU9Jt5fCj7J tYaGpjAOBgNVHQ3BAf3EBAtCAYYwEgYDVo0zAQH/BAgwBgEB/wIBADAdBgNVHSUE FjAUBggrBgEFBQJDAQYIKwYBBQUHAwIwIgYDVo0gBBswGzANBgsrBgEEAbIxAQIC zjAIBgZngQwBAgEwUAYDVo0fBEkwozBFoEOgQYY/aHo0JDovL2NybC51J2VydHJ1 J3QuY29tL1VzoVJUJnVzdFJzQUNlJnopZmljYXopb25BdXoob3JpdHkuY3JstHYG CCsGAQUFBwEBBGowaDA/BggrBgEFBQJwAoYzaHo0JDovL2NydC51J2VydHJ1J3Qu Y29tL1VzoVJUJnVzdFJzQUFkZFoydXN0Q0EuY3J0tCUGCCsGAQUFBzABhhlodHow Oi3vb2NzJC51J2VydHJ1J3QuY29ttA0GCSqGSIb3DQEBDAUpL4ICAQAVDwoIzQDV erJz0eYqZjBNJ3VNWwVFlQOtZEoqn5iWnEVaLZZdzxlbvz2Fx0ExUNuUEgYkIVt4 YoJKkCQ7hO5noiJoq/DrEYH5IuNJuW1I3JJZ9DLuB1fYvIHlZ2JG46iNbVKA3ygA Ez36ovDQlt2C494qqPVItojrz9YlJEGz0DrttyApq0YLFDzf-+Z1pkthh7J-+7fXeJ qmIhfJpduKJ3HEQkYQQShen426S3H0JrIAbKJBCiyYFuOhfyvuwVCFDfFvrjADjd 4jX1uQXd161IyFobm39s2Oj5oU1wDYz5sx-+hoCuh6lSs-+/uPuWomIq3y1GDFNafW -+LsHBU16lQo5Q2yh25laQsKogyPmtpHJ93edm6y2sHUabASmoHxvGiuwwE25aDU0 2SAeepyImJ2CzB30YG7WxlynHqNhpE7xfC7PzQlLgmfEHdU-+tHFeQazoQnrFkW2W kqoGIq7JKonyypvjPtkjeiV9lodAt9fSJvsB3svUuu1JoIG1xxI1yegoGt4r5QP4 oGIVvYaiI76C0djoSbQ/dkIUUXQuB3AL5jyH34g3BZaaXyvpmnV4ilpptXVAnAYG ON51WhJ6W0xNdNJwzYASZYH-+tmCWI-+N60Gv2NNtGHwtZ7e9bXgzUCZH5FaBFDGo5 S9VWqHB73Q-+OyIVvIbKYJSJ2w/aSuFKGSA== -----END CERTIFICATE-----
-
Once you have your signed certificate from your issuer, paste it into the Paste signed certificate text area.
-
Click Sign certificate once more to complete the process.
-
Ingresses
You can add an ingress for a validated domain with a signed certificate.
You can only create 1 ingress per domain. |
Add an ingress
-
Go to Content delivery > Ingresses.
-
Select the desired Cluster from the dropdown list.
-
Click Add Ingresses.
-
Select the desired verified domain from the dropdown list.
-
Select the desired signed certificate from the dropdown list.
-
Click Add Ingresses.
-
Only validated domains and signed certificates not already assigned to an ingress appear in the dropdown menus.
If they’re not appearing for you, check to see if you already have assigned an ingress to your domains and certificates.
Also, you should make sure the desired domain is validated and the certificate is signed.