Domains and Certificates

You can manage domains and certificates directly via your Cockpit under the Content Delivery tab.

Manage domains

From the Domains tab under Content Delivery, you can add, verify, or delete domains.

If you are unable to access the Content delivery section of the Cockpit, please contact the Helpdesk.

Add domain

  1. Go to Content delivery > Domains.

  2. Click Add domain.

  3. Enter the Domain you want to add.

  4. Click Add domain.

Verify domain

Before adding a domain to the system, we make sure that you own the domain. Depending on the validation type you chose when adding the domain, you’ll need to provide either the CNAME or A record.

Once you have provided this, the validation is handled automatically on our side.

DNS-01

You’ll need to add the CNAME record in the DNS zone for your domain.

_acme-challenge.opera.mplatform.int.magnolia-platform.com. 60 IN CNAME d448a399-4249-4ed8-a45f-36fff888f71b.auth.mirohost.ch.auth.mirohost.ch.

This allows us to verify you have control over the domain and automatically issue certificates for the domain before changing the A record. This way a new setup or a cutover can be fully verified before switching DNS.

Certificates can be auto-renewed this way and you don’t have to take care of it yourself.

The system continually verifies things in the background so please do not alter the record as long as you need the domain to be active in Magnolia PaaS. As soon as the record has been created, it will be automatically verified.

You can check the verification status at any time in the Cockpit.

From the Cockpit

You can see if your domain is verified by going to Content delivery > Domains (tab) and checking whether the verified or not verified icon appears next to the domain.

Delete domain

  1. Go to Content delivery > Domains.

  2. Click on the desired domain.

  3. Click Delete domain.

Add certificates

You can upload your own certificates directly in the Cockpit under the Content delivery section and the Certificates tab.

Prerequisites

  • You must have first added and verified a domain.

    These domains are the only domains available to which certificates can be added.

Using a Certificate Authority Authorization (CAA)?

If your domain publishes CAA records, you’ll need to add LetsEncrypt to them as an additional prerequisite.
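The two DNS prerequisites on this page, the DNS-01 CNAME and the CAA entry for LetsEncrypt, can be checked against a zone export before you add a certificate. The following is an added example, not Magnolia's code: the zone data, the `example.com` names and the CNAME target are constructed placeholders, and `letsencrypt.org` is the issuer name Let's Encrypt uses in CAA records.

```python
import re

# Constructed zone data for a placeholder domain; the names and the CNAME target are
# not from the page. Use the record the Cockpit shows for your own domain.
ZONE = """\
_acme-challenge.shop.example.com. 60 IN CNAME 00000000-0000-0000-0000-000000000000.auth.example.net.
example.com. 3600 IN CAA 0 issue "ca.example.org"
example.com. 3600 IN CAA 0 issue "letsencrypt.org"
"""
REC = re.compile(r"(\S+)\s+(?:\d+\s+)?(?:IN\s+)?(CNAME|CAA)\s+(.+)$", re.I)

def parse_zone(text):
    """Return (owner, type, rdata) for one-line CNAME and CAA records."""
    found = (REC.match(line.strip()) for line in text.splitlines())
    return [(m[1].lower().rstrip("."), m[2].upper(), m[3].strip()) for m in found if m]

def caa_property(rdata):
    """'0 issue "ca.example; k=v"' -> ('issue', 'ca.example')."""
    _flags, tag, value = rdata.split(None, 2)
    return tag.lower(), value.strip('"').split(";")[0].strip().lower()

def caa_allows(records, fqdn, ca="letsencrypt.org", wildcard=False):
    """RFC 8659 tree climb: the closest name that has CAA records decides."""
    labels = fqdn.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        name = ".".join(labels[i:])
        props = [caa_property(r) for o, t, r in records if t == "CAA" and o == name]
        if not props:
            continue
        use = "issuewild" if wildcard and any(t == "issuewild" for t, _ in props) else "issue"
        issuers = [v for t, v in props if t == use]
        return not issuers or ca in issuers  # no issue tags: issuance unrestricted
    return True  # no CAA records anywhere on the path

def preflight(zone_text, fqdn, expected_target, wildcard=False):
    """List what would block automatic issuance for fqdn; an empty list means ready."""
    records = parse_zone(zone_text)
    owner = "_acme-challenge." + fqdn.lower().rstrip(".")
    targets = [r.lower().rstrip(".") for o, t, r in records if t == "CNAME" and o == owner]
    problems = []
    if targets != [expected_target.lower().rstrip(".")]:
        problems.append(f"{owner}: CNAME missing or not pointing at {expected_target}")
    if not caa_allows(records, fqdn, wildcard=wildcard):
        problems.append(f"{fqdn}: CAA records do not authorize letsencrypt.org")
    return problems

if __name__ == "__main__":
    target = "00000000-0000-0000-0000-000000000000.auth.example.net."
    print(preflight(ZONE, "shop.example.com", target) or "ready for issuance")
```

A CAA record set on a closer name (for example on the subdomain itself) overrides the parent's, so a parent zone that lists `letsencrypt.org` is not sufficient if the subdomain carries its own CAA records.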

Adding a Custom Certificate?

If you’re adding a custom certificate, a certificate signing request (CSR) is generated after your domain is created and verified. You’ll need to sign the certificate as part of the upload instructions below.

Add certificate

Follow the instructions here to add a certificate.

Limitations

The maximum number of subdomains per domain is 100.
The maximum subdomain and domain length combined is 250 characters.

  1. Go to your Cockpit and navigate to Content delivery.

  2. Click the Certificates tab.

  3. Choose the Cluster (from the dropdown menu) which holds the domain for which you want to upload a certificate.

  4. Click Add certificate.

    1. Give the certificate a Name.

      Names must start with a letter and can contain letters, numbers, hyphens (-), and underscores (_) only.

    2. Select the Namespace to which you want to add the certificate.

      These are virtual clusters within a project backed by a physical cluster.

    3. If applicable, select the Is a custom certificate checkbox.

    4. If desired (and the domain is a top-level domain (TLD)), select the wildcard option.

      This isn’t available for custom certificates.

    5. Select the domain from the list where you want to add a certificate.

      1. If desired, add a subdomain.

    6. Click Add certificate to complete the process.

Awesome. You’ve added a Certificate.

Now what? If you have added a standard (non-custom) certificate, you’re done. Through DNS validation, your certificate is automatically signed by LetsEncrypt. This can take up to a few minutes, but it’s usually pretty quick. If your certificate was custom, you’ll need to sign the certificate.

Sign certificate

If you created a custom certificate, you’ll need to sign the certificate yourself. These are the instructions for that.

If your certificate is not custom, it is autosigned by LetsEncrypt.

  1. Go to your Cockpit and navigate to Content delivery.

  2. Click the Certificates tab.

  3. From the table, select the certificate you want to sign.

  4. On the right, click the green circle with lines.

  5. Click Sign certificate.

    1. Copy the content here so you can send it to your issuer to sign the certificate.

      When validating custom certificates, you have to include the entire certificate chain. Below is merely an example to give you an idea of how that would look.

      Example request

    2. Once you have your signed certificate from your issuer, paste it into the Paste signed certificate text area.

    3. Click Sign certificate once more to complete the process.

Delete certificate

  1. Go to your Cockpit and navigate to Content delivery.

  2. Click the Certificates tab.

  3. From the table, select the certificate you want to delete.

  4. On the right, click the green circle with lines.

  5. Click Delete.

Ingresses

You can add an ingress for a validated domain with a signed certificate.

You can only create 1 ingress per domain.

Add an ingress

  1. Go to Content delivery > Ingresses.

  2. Select the desired Cluster from the dropdown list.

  3. Click Add Ingresses.

    1. Select the desired verified domain from the dropdown list.

    2. Select the desired signed certificate from the dropdown list.

    3. Click Add Ingresses.

Don’t see domains and certs?

Only validated domains and signed certificates not already assigned to an ingress appear in the dropdown menus.

If they’re not appearing for you, check to see if you have already assigned an ingress to your domains and certificates.

Also, you should make sure the desired domain is validated and the certificate is signed.

Associate an ingress with CDN

To associate an ingress with the CDN:

  1. Under Content delivery > Ingresses (tab), select your desired Ingress from the list.

  2. On the right, select the accordion.

  3. Click Enable CDN.

Delete an ingress

To delete an ingress:

  1. Under Content delivery > Ingresses (tab), select your desired Ingress from the list.

  2. On the right, select the accordion.

  3. Click Delete Ingress.
