Updated on 2024-12-12 GMT+08:00

Binding or Replacing a Certificate

Scenarios

You need to bind a certificate when you add an HTTPS listener to a load balancer. If the certificate used by a listener has expired or needs to be replaced due to other reasons, you can replace the certificate on the Listeners tab.

If the certificate is also used by other services such as WAF, replace the certificate on all these services to prevent service unavailability.

Replacing a certificate and private keys does not affect your applications.

Notes and Constraints

  • Only HTTPS listeners require certificates.
  • If a certificate has expired, you need to manually replace or delete it.
  • The new certificate takes effect immediately. The old certificate is used for established connections, and the new one is used for new connections.

Prerequisites

You have added a certificate by following the instructions in Adding a Certificate.

Binding a Certificate

You can bind certificates when you add an HTTPS listener. For details, see Adding an HTTPS Listener.

Replacing a Certificate

  1. Go to the load balancer list page.
  2. On the displayed page, locate the load balancer and click its name.
  3. Click the Listeners tab, locate the listener, and click Edit in Operation column.
  4. On the displayed dialog box, select a server certificate or CA certificate.
  5. Click OK in the Edit dialog box.