Skip to main content
CDN SSL certificates enable secure HTTPS content delivery. You can upload your own certificates or use automated Let’s Encrypt provisioning.

Add SSL Certificate

Add an SSL certificate for HTTPS content delivery.

Upload Your Own Certificate

import (
    "github.com/G-Core/gcore-go"
    "github.com/G-Core/gcore-go/cdn"
)

params := cdn.CertificateNewParams{
    OfOwnCertificate: &cdn.CertificateNewParamsBodyOwnCertificate{
        Name:           "My SSL Certificate",
        SslCertificate: "-----BEGIN CERTIFICATE-----\n...\n-----END CERTIFICATE-----\n",
        SslPrivateKey:  "-----BEGIN PRIVATE KEY-----\n...\n-----END PRIVATE KEY-----\n",
        ValidateRootCa: gcore.Bool(true),
    },
}

err := client.CDN.Certificates.New(context.Background(), params)
if err != nil {
    log.Fatal(err)
}

fmt.Println("Certificate added successfully")
name
string
required
Unique certificate name for identification
ssl_certificate
string
required
Public part of the SSL certificate. Include the full certificate chain separated by \n
ssl_private_key
string
required
Private key of the SSL certificate
validate_root_ca
boolean
Whether to verify the certificate is signed by a trusted certificate authority. Default: true

Request Let’s Encrypt Certificate

params := cdn.CertificateNewParams{
    OfLetSEncryptCertificate: &cdn.CertificateNewParamsBodyLetSEncryptCertificate{
        Automated: true,
        Name:      "LE Certificate for cdn.example.com",
    },
}

err := client.CDN.Certificates.New(context.Background(), params)
if err != nil {
    log.Fatal(err)
}
automated
boolean
required
Must be true to issue a Let’s Encrypt certificate automatically
name
string
required
Unique certificate name
After attaching a Let’s Encrypt certificate to your CDN resource, the certificate and private key are generated automatically. This can take up to 15 minutes.

Get SSL Certificate

Retrieve details of a specific SSL certificate. 
cert, err := client.CDN.Certificates.Get(context.Background(), sslID)
if err != nil {
    log.Fatal(err)
}

fmt.Printf("Certificate: %s\n", cert.Name)
fmt.Printf("Issuer: %s\n", cert.CertIssuer)
fmt.Printf("Valid from: %s to %s\n", cert.ValidityNotBefore, cert.ValidityNotAfter)
id
int64
SSL certificate ID
name
string
Certificate name
automated
boolean
Whether the certificate was issued automatically via Let’s Encrypt
cert_issuer
string
Name of the certificate authority that issued the certificate
cert_subject_cn
string
Primary domain name secured by the certificate
cert_subject_alt
string
Alternative domain names secured by the certificate (Subject Alternative Names)
validity_not_before
string
Date when certificate becomes valid (ISO 8601 format, UTC)
validity_not_after
string
Date when certificate expires (ISO 8601 format, UTC)
has_related_resources
boolean
Whether the certificate is currently used by any CDN resources

List SSL Certificates

Get all SSL certificates in your account. 
params := cdn.CertificateListParams{
    Automated:  gcore.Bool(false), // Only show uploaded certificates
    ResourceID: gcore.Int(resourceID), // Certificates for specific resource
}

certs, err := client.CDN.Certificates.List(context.Background(), params)
if err != nil {
    log.Fatal(err)
}

for _, cert := range *certs {
    fmt.Printf("%s - Expires: %s\n", cert.Name, cert.ValidityNotAfter)
}
automated
boolean
Filter by certificate type:
  • true - Only Let’s Encrypt certificates
  • false - Only uploaded certificates
resource_id
int64
Filter by CDN resource ID to show certificates attached to a specific resource
validity_not_after_lte
string
Return only certificates valid until the specified date (ISO 8601 format, UTC)

Update SSL Certificate

Replace an existing SSL certificate with a new one. 
params := cdn.CertificateReplaceParams{
    Name:           "Updated Certificate",
    SslCertificate: "-----BEGIN CERTIFICATE-----\n...\n-----END CERTIFICATE-----\n",
    SslPrivateKey:  "-----BEGIN PRIVATE KEY-----\n...\n-----END PRIVATE KEY-----\n",
    ValidateRootCa: gcore.Bool(true),
}

cert, err := client.CDN.Certificates.Replace(context.Background(), sslID, params)
if err != nil {
    log.Fatal(err)
}

fmt.Printf("Certificate updated: %s\n", cert.Name)

Delete SSL Certificate

Delete an SSL certificate from the system. 
err := client.CDN.Certificates.Delete(context.Background(), sslID)
if err != nil {
    log.Fatal(err)
}

fmt.Println("Certificate deleted")
You cannot delete a certificate that is currently attached to a CDN resource. Detach it from all resources first.

Let’s Encrypt Operations

Get Certificate Status

Get the status of a Let’s Encrypt certificate issuance attempt. 
status, err := client.CDN.Certificates.GetStatus(
    context.Background(),
    certID,
    cdn.CertificateGetStatusParams{
        Exclude: []string{"statuses"}, // Optional: exclude detailed status history
    },
)
if err != nil {
    log.Fatal(err)
}

fmt.Printf("Active: %v\n", status.Active)
fmt.Printf("Latest Status: %s\n", status.LatestStatus.Status)
if status.LatestStatus.Error != "" {
    fmt.Printf("Error: %s - %s\n", status.LatestStatus.Error, status.LatestStatus.Details)
}
id
int64
Certificate issuance attempt ID
resource
int64
CDN resource ID
active
boolean
Whether the issuance process is active
started
string
When the issuance process started (ISO 8601 format, UTC)
finished
string
When the issuance process finished (ISO 8601 format, UTC). Null if still in progress
attempts_count
int64
Number of issuance attempts made
next_attempt_time
string
Scheduled time for next attempt (ISO 8601 format, UTC)
latest_status
object
Status of the most recent attempt

Renew Let’s Encrypt Certificate

Manually renew a Let’s Encrypt certificate. 
err := client.CDN.Certificates.Renew(context.Background(), certID)
if err != nil {
    log.Fatal(err)
}

fmt.Println("Certificate renewal initiated")
Let’s Encrypt certificates are automatically renewed before expiration. Manual renewal is rarely needed. The process can take up to 15 minutes.

Force Retry Issuance

Retry Let’s Encrypt certificate issuance if a previous attempt failed. 
err := client.CDN.Certificates.ForceRetry(context.Background(), certID)
if err != nil {
    log.Fatal(err)
}

fmt.Println("Certificate issuance retry initiated")

Attach Certificate to CDN Resource

To use an SSL certificate with a CDN resource: 
// First, enable SSL and attach the certificate
params := cdn.CDNResourceUpdateParams{
    SslEnabled: param.NewOpt(true),
    SslData:    param.NewOpt[int64](sslID),
}

resource, err := client.CDN.CDNResources.Update(
    context.Background(),
    resourceID,
    params,
)
if err != nil {
    log.Fatal(err)
}

fmt.Println("HTTPS enabled with certificate")

Certificate Validation

Prevalidate Let’s Encrypt Certificate

Before requesting a Let’s Encrypt certificate, verify it can be issued: 
err := client.CDN.CDNResources.PrevalidateSslLeCertificate(
    context.Background(),
    resourceID,
)
if err != nil {
    log.Printf("Certificate validation failed: %v", err)
} else {
    fmt.Println("Certificate can be issued")
}

Complete Example

package main

import (
    "context"
    "fmt"
    "log"
    "time"

    "github.com/G-Core/gcore-go"
    "github.com/G-Core/gcore-go/cdn"
    "github.com/G-Core/gcore-go/packages/param"
)

func main() {
    client := gcore.NewClient()

    // Add Let's Encrypt certificate
    certParams := cdn.CertificateNewParams{
        OfLetSEncryptCertificate: &cdn.CertificateNewParamsBodyLetSEncryptCertificate{
            Automated: true,
            Name:      fmt.Sprintf("LE-cert-%d", time.Now().Unix()),
        },
    }

    err := client.CDN.Certificates.New(context.Background(), certParams)
    if err != nil {
        log.Fatalf("Error adding certificate: %v", err)
    }

    // List certificates to get the ID
    certs, err := client.CDN.Certificates.List(
        context.Background(),
        cdn.CertificateListParams{Automated: gcore.Bool(true)},
    )
    if err != nil {
        log.Fatalf("Error listing certificates: %v", err)
    }

    if len(*certs) == 0 {
        log.Fatal("No certificates found")
    }

    certID := (*certs)[0].ID

    // Enable HTTPS on CDN resource
    updateParams := cdn.CDNResourceUpdateParams{
        SslEnabled: param.NewOpt(true),
        SslData:    param.NewOpt(certID),
    }

    resource, err := client.CDN.CDNResources.Update(
        context.Background(),
        resourceID,
        updateParams,
    )
    if err != nil {
        log.Fatalf("Error enabling HTTPS: %v", err)
    }

    fmt.Printf("HTTPS enabled on resource %d\n", resource.ID)

    // Check certificate status
    status, err := client.CDN.Certificates.GetStatus(
        context.Background(),
        certID,
        cdn.CertificateGetStatusParams{},
    )
    if err != nil {
        log.Fatalf("Error checking status: %v", err)
    }

    fmt.Printf("Certificate issuance active: %v\n", status.Active)
    fmt.Printf("Latest status: %s\n", status.LatestStatus.Status)
}

Best Practices

  1. Use Let’s Encrypt - Automated certificate management with free renewals
  2. Monitor Expiration - Check certificate expiration dates regularly
  3. Test First - Use prevalidation before requesting Let’s Encrypt certificates
  4. Plan Renewals - Renew certificates well before expiration
  5. Keep Backups - Store uploaded certificate backups securely

Troubleshooting

Let’s Encrypt Issuance Failed

Check the certificate status for detailed error information: 
status, _ := client.CDN.Certificates.GetStatus(
    context.Background(),
    certID,
    cdn.CertificateGetStatusParams{},
)

if status.LatestStatus.Error != "" {
    fmt.Printf("Error: %s\n", status.LatestStatus.Error)
    fmt.Printf("Details: %s\n", status.LatestStatus.Details)
    
    if status.LatestStatus.Error == "RateLimited" {
        fmt.Printf("Retry after: %s\n", status.LatestStatus.RetryAfter)
    }
}
Common issues:
  • Domain validation failed - Ensure DNS points to CDN servers
  • Rate limited - Wait until the retry_after date
  • Invalid configuration - Check CDN resource settings

CDN Resources

Manage CDN resources and enable HTTPS

Resource Rules

Configure HTTPS-specific delivery rules

Build docs developers (and LLMs) love

Get started for freeTalk to us