Skip to main content

Creating a Certificate

You can easily create a certificate in your IO River account and it will be automatically used in your CDN accounts. In addition, the certificate will be automatically renewed and updated when needed.

To create a certificate in you account:

  1. Sign in to your IO River account.
  2. Select the TLS Certificates tab.
  3. Click on the Create Certificate button.
  4. Specify the name of the certificate. Click Next.
  5. Specify the domains you would like to use. You can add multiple domains, alternatively you can specify a wildcard domain such as *.example.com. Click Next.
  6. You should now be presented with the DNS challenge which is required for creating your certificate. You should add a CNAME record in your DNS configuration, for more information, see DNS Challenge below. Click Close.

Once the certificate is created it will be in Pending state, until the DNS challenge is resolved. The certificate will automatically become Valid when the challenge is resolved, until then, the certificate cannot be used within a service. This process usually takes a couple of minutes but it depends on DNS propagation time. If it takes more, please refer to the Troubleshooting section below.

DNS Challenge

DNS challenge is required to authenticate that you are indeed the owner of the domain. If you for example, you are trying to create a certificate for test.example.com, you will be required to add a CNAME entry similar to this: Name: _acme-challenge.test.example.com. Value: b7ae09e7-77fd-41f5-9f9b-3eaf26e5a66e.test.example.com.ioriver-acme.com

Troubleshooting a Pending Certificate

In case your certificate is in Pending state for a long time.You can verify that the DNS challenge was set correctly by running the nslookup command. For the example above: nslookup _acme-challenge.test.example.com

You should see an output similar to this:

Non-authoritative answer:
_acme-challenge.test.example.com canonical name = b7ae09e7-77fd-41f5-9f9b-3eaf26e5a66e.test.example.com.ioriver-acme.com

In case you don’t see a similar output, you should double check your DNS configuration, or wait some more time for the DNS to propagate.