Product reference pages are available in English only.
Security

Certificate Manager

What Is It?

Certificate Manager handles SSL/TLS certificates for IONOS services including CDN and Managed Application Load Balancer. Create auto-certificates with automatic renewal via ACME providers (Let's Encrypt, Sectigo) or import existing PEM-encoded certificates. Centralized management for viewing, editing, and deleting certificates across all services.

Quick Facts

Aspect Details
Certificate Types Auto-certificate (ACME-issued), Imported (PEM-encoded)
ACME Providers Let's Encrypt, Sectigo, other ACME-compatible
Auto-Renewal Yes (for auto-certificates)
Key Algorithms Configurable per certificate
SANs Up to 10 Subject Alternative Names per certificate
States Available, PROVISIONING, FAILED
Limits 50 ACME providers, 50 auto-certificates per contract
DNS Requirement Domain must be managed in IONOS Cloud DNS for auto-certificates

Certificate Information

Field Description
Name User-defined identifier
Common Name Primary domain
State Available, PROVISIONING, or FAILED
Expiry Date Certificate expiration (auto-certs show renewal status)
Serial Number Certificate serial number
Resource URN Unique resource identifier
Provider Name ACME provider for auto-certificates

What You Can Do

Create Auto-Certificates

Issue certificates automatically via ACME providers. Select existing ACME provider or create new one. Configure name, common name, key algorithm, and optional SANs (up to 10). Certificates auto-renew before expiration.

Note: Domain must be managed in IONOS Cloud DNS for ACME validation.

Import Certificates

Upload PEM-encoded certificate, chain, and private key for use with Managed Application Load Balancer or CDN. Provide certificate name and paste or upload PEM files. No automatic renewal for imported certificates.

Manage ACME Providers

Create, view, edit, and delete ACME providers under ACME Providers tab. Each provider shows name, state, requester email, server URL, and provider ID. Create auto-certificates directly from provider entry.

Edit Certificates

Update certificate properties. For auto-certificates, edit name, key algorithm, common name, and SANs. For imported certificates, edit name, certificate file, or chain. Changes require re-provisioning.

Monitor Certificate Status

View all certificates in Certificates tab with key attributes. Check state (Available, PROVISIONING, FAILED), expiry dates, and renewal status. Click certificate name for detailed information including creation date, creator, serial number, and resource URN.

Delete Certificates

Remove certificates no longer in use. Select certificate from list or use Delete button in details view. Confirmation required. Works for both auto and imported types.

Best For

Scenario Why It Fits
Automated certificate management Auto-certificates with ACME providers, automatic renewal, no manual intervention
Load Balancer SSL termination Import certificates for use with Managed Application Load Balancer; auto-certificates are not documented as ALB-compatible and support CDN only
CDN HTTPS delivery Certificates for CDN edge locations, automatic renewal reduces operational overhead
Multi-service TLS governance Centralized creation, renewal, and deletion of certificates used by CDN and Managed Application Load Balancer
Multi-domain certificates SANs support up to 10 domains per certificate, consolidate certificate management

Key Considerations

Billing & Costs

  • Auto-certificates: Included with ACME provider setup (Let's Encrypt free)
  • Imported certificates: No additional charge for management in Certificate Manager
  • ACME provider fees: Vary by provider (Let's Encrypt free, commercial providers may charge)

Limitations

  • Maximum 50 ACME providers per contract
  • Maximum 50 auto-certificates per contract
  • Up to 10 SANs per certificate
  • Auto-certificates require domain managed in IONOS Cloud DNS
  • Imported certificates require manual renewal (no automatic renewal)
  • Certificate states (PROVISIONING, FAILED) indicate ongoing operations or errors
  • Domain validation required for ACME certificate issuance