Automatic renewal of certificate

Prev Next

Available in Classic and VPC

You can renew certificates issued from Certificate Manager automatically before their expiration.
Upon completion of renewal, the renewed certificate is automatically applied to the integrated service instances in use.
For certificates that meet the automatic renewal conditions, renewal attempts are made daily from 45 days (renewal start date) to 30 days (renewal end date) before the authentication end date.

Automatic renewal targets

  • Only provided for certificates issued using the DNS validation method.
  • (As of October 17, 2024) Only provided for Cloud Basic certificates.
  • (As of October 17, 2024) Only provided for certificates in use with VPC Load Balancer.

Automatic renewal quickstart

1. Preliminary review of renewal conditions

Check if the certificate to renew meets the automatic renewal conditions.

  • From the NAVER Cloud Platform console, navigate to Menu > Services > Security > Certificate Manager > Certificate List and select the certificate to renew.
  • Check if the Renewal eligibility is shown as Qualified in the certificate renewal information. If the renewal eligibility shows as disqualified, check the reasons for disqualification in the Renewal eligibility of this guide.
  • Check if it is set as a renewal target from the certificate renewal information. The Renewal target status must be "Y". If it's "N," click Set renewal target to set it as a renewal target.
  • Certificates that are qualified for renewal and set as renewal targets display Renewal start date and Renewal end date.

2. Set domain DNS validation

  • Check that the CNAME DNS record name and record value required for DNS validation are set for all domains included in the certificate. For more information on how to set them, see DNS validation.
Caution

For certificates issued before the July 23, 2024 improvement, the record name and record value change 1 time during the initial renewal process and then remain fixed. Make sure to reset the DNS record with the changed record name and record value; otherwise, DNS validation will fail. From now on, the DNS validation input values for specific domains are fixed. If you maintain the reconfigured DNS records, DNS validation will automatically succeed for renewals and new issuances.

3. Renewal process

For certificates that meet the automatic renewal conditions, renewal attempts are made daily from 45 days (renewal start date) to 30 days (renewal end date) before the authentication end date.

  • The renewal process runs for about 1 hour starting from 01:00 (UTC+09:00) every day. The process stops when renewal is completed or the end date is reached.
  • Once the renewal process ends, the renewal results can be viewed from the Certificate Manager console. Results are also sent to the notification targets set in the Notification Setting.
    • Upon successful renewal, the renewal status shows as Succeeded and the Renewal completion date is displayed. In Instance renewal status > Shortcut, Certificate renewal status (Y/N) is displayed as Y.

Set renewal target

You can set whether an item is a renewal target. Set by clicking Certificate List > (Select certificate) Certificate renewal information > Set renewal target.

  • Set - Renewal target status "Y": If there is a VPC Load Balancer instance in use, automatic certificate renewal is performed from 45 days to 30 days before certificate expiration.
  • Not set - Renewal target status "N": Excluded from the renewal target. Even if renewal eligibility is met and the certificate is within 45 days of expiration, the renewal process will not be attempted.
Note

When issuing a certificate with the DNS validation method, you can set up the automatic renewal target in advance in step 3, "Review and request."

Renewal eligibility

Renewal eligibility can be viewed in Certificate list > (Select certificate) Certificate renewal information.

Type Description Condition
Qualified Certificates that are qualified for renewal and set as renewal targets attempt automatic renewal from 45 days to 30 days before the authentication end date.
  • Certificates that are only in use with VPC Load Balancer,
  • And have more than 30 days of remaining validity.
    		•
    Not qualified Certificates that are not qualified for renewal cannot be automatically renewed.
  • Certificates that are not in use, or in use with integrated services other than VPC Load Balancer,
  • Or have 30 days or less remaining validity period.
    		•

    Renewal status

    Renewal status can be viewed in Certificate list > (Select certificate) Certificate renewal information.

    Renewal status Description
    Renewing The renewal conditions are met and the renewal process is in progress.
    DNS validation pending DNS validation is in progress for at least one of the domains included in the certificate. When the renewal process begins the next day, it will retry starting with DNS validation. If DNS verification fails until the renewal end date, the renewal fails.
    Renewal pending If the certificate is not in use by any instance from 45 days before the expiration date, the status becomes Renewal pending. If the certificate remains unused until 30 days before expiration, the renewal fails.
    Succeeded The certificate has been renewed and the renewed certificate has been automatically applied to the integrated instances in use.
    Failed The renewal has failed. No further renewal attempts are made. If there are instances in use and certificate replacement is needed, you must obtain and apply a new certificate. See the following 3 reasons for renewal failure:
  • Renewal end date exceeded.
  • No instances in use.
  • Certificate data validation error.
    • Business Registration Number: 129-86-31394 E-commerce Permit Number:No. 2009-GyeonggiSeongnam-0510
    CEO: Kim Yuwon Address: NAVER Green Factory 17th–26th Floors, Buljeong-ro 6, Bundang-gu, Seongnam-si, Gyeonggi-do 13561, Republic of Korea. Customer Support Number: 1544-5876
    © NAVER Cloud Corp. All Rights Reserved.