SSL Certificates
Introduction
An SSL certificate is a small cryptographic file that, once installed, enables a secure (HTTPS) connection between a user's browser and your server. It encrypts data in transit — logins, payments, and other sensitive information — so it cannot be read or tampered with.
In MyAccount, the SSL Certificate Manager lets you get a certificate in two ways:
- Buy a certificate through E2E (an Ordered certificate), or
- Import a certificate you already have (an Imported certificate).
You can then use the certificate to serve HTTPS from an E2E Load Balancer or a CDN distribution.
Open the SSL Certificate Manager
- Log in to the E2E MyAccount portal.
- Open Manage SSL Certificates from the left navigation (the SSL Certificate Manager at
/services/certificate/ssl-manager).
The dashboard lists your certificates with three columns:
| Column | Description |
|---|---|
| Domain Name | The domain the certificate secures. |
| Type | Ordered (bought through E2E) or Imported. |
| State | The certificate's current state (see below). |
A certificate moves through these states:
| State | Meaning |
|---|---|
| Payment Pending | The order is created but not yet paid. |
| Order Processing | Payment received; the order has been sent to the certificate authority. |
| Verification Pending | Awaiting domain validation (CNAME or file). |
| Issued | Validated and issued — ready to download and use. |
| Expired | The certificate's validity period has ended. |
| NA | Not applicable (shown for imported certificates). |
From the dashboard you can Buy SSL Certificate, Import SSL Certificate, Refresh the list, search certificates, and — from each row's Actions menu — open SSL Details or Delete the certificate. While an ordered certificate is in Verification Pending, the row also offers a Refresh action to re-check whether validation has completed.
Buy an SSL Certificate
Select Buy SSL Certificate to open the certificate catalog. On the Select SSL Certificate screen, each product shows its type, validity period, and price (or infra-credit cost for prepaid accounts). Choose a product and select Buy.
The exact products available in the portal are the source of truth. Common types include:
- Positive SSL — a single-domain certificate for one secure origin (for example,
www.example.com). It does not cover sub-domains such asmail.example.com. - Positive SSL Wildcard — covers a domain and an unlimited number of its sub-domains (issued for
*.example.com).
Enter contact details
Fill in the Admin Contact Details — first and last name, organization name, phone, email, address, country, city, state/province, and postal code.
Then provide the Technical Contact Details. Leave Same as Admin Contact enabled to reuse the admin details, or turn it off to enter separate technical contacts.
Provide the CSR and web server type
Choose the SSL Type, paste your Certificate Signing Request (CSR) (or load it from a .csr file), and select the Webserver Type. The portal validates the CSR before continuing and parses it to extract the common name, organization, and location.
The private key is generated on your side when you create the CSR — keep it safe. To generate a CSR and private key, see the CSR generation instructions. Make sure the CSR file is not password protected.
Review and pay
The confirmation screen shows the selected product, validity, price, the parsed CSR details, and your admin and technical contacts. Review it and select Proceed to Pay.
After payment, an Order ID is generated and the certificate enters Order Processing. Processing time depends on the certificate authority.
Complete Domain Validation
Before an ordered certificate can be issued, you must prove control of the domain. The certificate authority offers CNAME-based or file-based validation. Open the certificate's SSL Details and select Click here to complete verification to see the values you need.
For CNAME-based validation:
- In SSL Details, select Click here to complete verification. A dialog shows an Alias / Host Name and a Point To value.
- Log in to your domain's hosting control panel (usually your domain registrar).
- Open the DNS Zone Manager for your domain.
- Create a new CNAME record. In the Host Name / Alias field, enter the alias from MyAccount — it begins with an underscore (
_), which must be kept. - In the CNAME / Points To field, enter the Point To value from MyAccount.
- Set the TTL to
3600(or the lowest available value). - Save and wait for the record to propagate — typically around 15 minutes.
Once the authority confirms the record, the certificate moves to Issued. You can use the row's Refresh action to re-check the status; validation can take up to 24 hours.
Download Your Certificate
When the certificate is Issued, open its SSL Details and select Click here to download certificate. The certificate bundle downloads as certificates.zip.
Import an SSL Certificate
Import a certificate you already hold — for example, one you purchased from E2E (which does not include the private key) or generated elsewhere. Importing is also required before a certificate can be used on a Load Balancer.
Select Import SSL Certificate and complete the form:
| Field | Requirement |
|---|---|
| Name | A name for the imported certificate bundle. |
| SSL Certificate | The certificate, pasted or loaded from a .crt, .cer, or .pem file. |
| SSL Certificate private key | The private key, pasted or loaded from a .key or .pem file. |
| SSL Certificate chain | The intermediate/CA chain, pasted or loaded from a .crt, .cer, or .pem file. |
All four fields are required. Make sure the files are not password protected.
Select Import Certificate. On success the certificate appears in the list with type Imported, and its SSL Details show the bundle name and expiry date.
How E2E Handles Private Keys
- Purchased (Ordered) certificates do not include a private key. The key is generated on your side during CSR creation and is never sent to or stored by E2E. Because of this, a purchased certificate must be imported with your private key before it can be used on a Load Balancer.
- Imported certificates are stored in a secure secret store, not in plain form in the portal database. Only the certificate metadata (such as issuer and expiry) is shown in the interface.
Delete a Certificate
From a certificate's Actions menu, select Delete and confirm.
A certificate that is currently attached to a Load Balancer cannot be deleted — the portal returns "SSL is currently enabled on the Load Balancer. It cannot be deleted." Detach or replace the certificate on the Load Balancer first, then delete it.
Use Your Certificate
| Where | How |
|---|---|
| Load Balancer (HTTPS) | Attach an imported certificate to an Application Load Balancer's HTTPS listener. See Load Balancer SSL Certificates. |
| CDN | Use a certificate with a CDN distribution. |
Renewal
A certificate becomes eligible for renewal as it nears its expiry date (within 60 days). Renew before expiry to avoid an interruption to HTTPS on any service that uses the certificate.