[Yandex Cloud documentation](../../index.md) > [Yandex Certificate Manager](../index.md) > Getting started

# Getting started with Certificate Manager

Follow this guide to add your first [Let's Encrypt certificate](../concepts/managed-certificate.md) to Certificate Manager and use it to [set up HTTPS access](../../storage/operations/hosting/certificate.md) to a static website hosted in Yandex Object Storage.

## Getting started {#before-you-begin}

To get started with Certificate Manager, you need:

{% list tabs group=instructions %}

- Management console {#console}

    1. Folder in Yandex Cloud. If there is no folder yet, create one:

         1. In the [management console](https://console.yandex.cloud), in the top panel, click ![image](../../_assets/console-icons/layout-side-content-left.svg) or ![image](../../_assets/console-icons/chevron-down.svg) and select the [cloud](../../resource-manager/concepts/resources-hierarchy.md#cloud).
         1. To the right of the cloud name, click ![image](../../_assets/console-icons/ellipsis.svg).
         1. Select ![image](../../_assets/console-icons/plus.svg) **Create folder**.
         
            ![create-folder1](../../_assets/resource-manager/create-folder-1.png)
         
         1. Give your [folder](../../resource-manager/concepts/resources-hierarchy.md#folder) a name. The naming requirements are as follows:
         
             * Length: between 3 and 63 characters.
             * It can only contain lowercase Latin letters, numbers, and hyphens.
             * It must start with a letter and cannot end with a hyphen.
         
         1. Optionally, specify the description for your folder.
         1. Select **Create a default network**. This will create a [network](../../vpc/concepts/network.md#network) with subnets in each availability zone. Within this network, you will also have a [default security group](../../vpc/concepts/security-groups.md#default-security-group), within which all network traffic will be allowed.
         1. Click **Create**.
         
            ![create-folder2](../../_assets/resource-manager/create-folder-2.png)

    1. Third-level (or higher) domain for which a Let's Encrypt certificate will be issued.

         {% note info %}

         To pass a domain rights check, you must have the management access to the domain.

         {% endnote %}

    1. Public bucket in Object Storage named exactly as the domain. If you do not have a bucket yet, create one:

        1. In the [management console](https://console.yandex.cloud), select the folder where you want to create a [bucket](../../storage/concepts/bucket.md).
        1. Navigate to **Object Storage**.
        1. Click **Create bucket**.
        1. Enter exactly the same name for the bucket as the domain name.
        1. Select the `For all` [access](../../storage/concepts/bucket.md#bucket-access) type.
        1. Select the default [storage class](../../storage/concepts/storage-class.md).
        1. Click **Create bucket** to complete the operation.

    1. Set up [hosting](../../storage/operations/hosting/setup.md) in your bucket:

        1. In the [management console](https://console.yandex.cloud), select the folder with the bucket.
        1. Navigate to **Object Storage**.
        1. On the ![box](../../_assets/console-icons/box.svg) **Buckets** tab, click the bucket with the domain name.
        1. In the left-hand panel, select ![wrench](../../_assets/console-icons/wrench.svg) **Settings**.
        1. Open the **Website** tab.
        1. Select `Hosting` and specify the website's home page.
        1. Click **Save** to complete the operation.

    1. Set up an [alias](../../storage/operations/hosting/own-domain.md) for the bucket through your DNS provider or on your own DNS server.

        For instance, for the `www.example.com` domain, add the following record:

        ```text
        www.example.com CNAME www.example.com.website.yandexcloud.net
        ```

{% endlist %}

## Creating a request for a Let's Encrypt certificate {#request-certificate}

{% list tabs group=instructions %}

- Management console {#console}

    1. Navigate to the [management console](https://console.yandex.cloud).
    1. Navigate to **Certificate Manager**.
    1. Click **Add certificate**.
    1. In the menu that opens, select **Let's Encrypt certificate**.
    1. In the window that opens, enter a name for the certificate.
    1. Optionally, add a description for the certificate.
    1. In the **Domains** field, specify the domains you want to issue the certificate for.
    1. Select the [domain rights check type](../concepts/challenges.md): `HTTP`. 
    1. Click **Create**.

{% endlist %}

## Passing a domain rights check {#validate}

### Creating a file for the check {#create-file}

{% list tabs group=instructions %}

- Management console {#console}

  1. Navigate to the [management console](https://console.yandex.cloud).
  1. Navigate to **Certificate Manager**.
  1. Select a certificate in the `Validating` status in the list and click it.
  1. Under **Check rights for domains**:
      1. Copy the URL from the **Link for hosting file** field:
          * The `http://example.com/.well-known/acme-challenge/` part of the link is the file path.
          * The second part, `rG1Mm1bJ...`, is the file name you should use.
      1. Copy and paste the **Contents** field to the file.

{% endlist %}

### Uploading the file and performing the check {#upload-and-check}

{% list tabs group=instructions %}

- Management console {#console}

  1. Navigate to the [management console](https://console.yandex.cloud).
  1. Navigate to **Object Storage**.
  1. On the ![box](../../_assets/console-icons/box.svg) **Buckets** tab, click the bucket with the domain name.
  1. At the top right, click ![folder](../../_assets/console-icons/folder.svg) **Create folder** and create a folder named `.well-known`.
  1. Under `.well-known`, create a folder named `acme-challenge`.
  1. Under `acme-challenge`, click ![arrow](../../_assets/console-icons/arrow-up-from-line.svg) **Upload**.
  1. In the window that opens, select the file with a record and click **Open**.
  1. Click **Upload**.
  1. Wait until the certificate's status changes to `Issued`.
     
     For more information on the status, see the certificate page. To do this, next to the **ui-key.yacloud.certificate-manager.overview.general_label_validation** field, click ![receipt](../../_assets/console-icons/receipt.svg) **ui-key.yacloud.certificate-manager.overview.button_validation_show-logs**. 
  1. Go to the `acme-challenge` folder.
  1. Click ![image](../../_assets/options.svg) to the right of the file and select ![trash](../../_assets/console-icons/trash-bin.svg) **Delete**.
  1. Confirm the deletion.

- AWS CLI {#cli}

  1. Install and configure the AWS CLI by following [this tutorial](../../storage/tools/aws-cli.md#before-you-begin).
  1. Upload your file to the bucket so that it resides in the `.well-known/acme-challenge` folder:

      ```bash
      aws --endpoint-url=https://storage.yandexcloud.net \
        s3 cp <file_name> s3://<bucket_name>/.well-known/acme-challenge/<file_name>
      ```

  1. Wait until the certificate's status changes to `Issued`.
  1. Delete the file you created from the bucket:

      ```bash
      aws --endpoint-url=https://storage.yandexcloud.net \
         s3 rm s3://<bucket_name>/.well-known/acme-challenge/<file_name>
      ```

{% endlist %}

{% note warning %}

Certificates are not renewed automatically. Keep track of the lifecycle of your certificates to renew them on time. For more information, see [Renewing a certificate](../concepts/managed-certificate.md#renew).

{% endnote %}

## Setting up static website access over HTTPS {#hosting-certificate}

{% list tabs group=instructions %}

- Management console {#console}

    1. Navigate to the [management console](https://console.yandex.cloud).
    1. Navigate to **Object Storage**.
    1. On the ![box](../../_assets/console-icons/box.svg) **Buckets** tab, click the bucket with the domain name.
    1. In the left-hand panel, select ![persons-lock](../../_assets/console-icons/persons-lock.svg) **Security**.
    1. Navigate to the **HTTPS** tab.
    1. Click **Configure** at the top right.
    1. In the **Source** field, select `Certificate Manager`.
    1. In the **Certificate** field, select the certificate from the list that opens.
    1. Click **Save**.

{% endlist %}


#### See also {#see-also}

- [Certificate from Let's Encrypt](../concepts/managed-certificate.md)
- [Domain rights check](../concepts/challenges.md)
- [Configuring HTTPS in a bucket](../../storage/operations/hosting/certificate.md)