SSL Manager - SSL Certificates

PUQcloud Panel

Order Now | Download | FAQ

Overview

The SSL Certificates section is your single place to issue, renew, import, and store SSL/TLS certificates.

Each certificate page is split into two columns:

Left column — generated by the panel and identical for all certificates (fields, statuses, PEM blocks, metadata).
Right column — module-specific, driven by the selected CA module (PUQ ACME). It may show provider-specific hints or controls.

Where to find it: Settings → SSL Manager → SSL Certificates

What you can do

Create a certificate (set the domain, choose a CA profile, add SANs/aliases).
Generate a CSR and a private key.
Complete domain control validation (DNS-01 via CNAME → tech zone).
Enable Auto-renewal and track Days Remaining.
View/copy Certificate / Private Key / CSR (PEM).
Change status (Draft → Active via standard actions).
Delete certificates.
(Optionally) Import existing certificates.

The private key is encrypted in the database and visible only on the certificate’s page.

Certificates list

The list shows:

Domain, Certificate Authority (PUQ ACME)
Status (e.g., ACTIVE, “X DAYS”, “AUTO RENEW: 7”)
Actions: Edit / Delete
+ Create to add a new certificate

Create a certificate (step-by-step)

Click + Create in SSL Certificates.
Fill in:
- Domain — primary domain (CN).
- Certificate Authority — select a CA profile (e.g., Let’s Encrypt / ZeroSSL).
- Aliases — SAN domains, one per line (optional).
Click Save — this only saves form data (no keys or certificate yet).
Click Generate CSR:
- The system creates the CSR and Private Key (they do not exist before this step).
- The private key is encrypted in DB; it is only visible on this page.
Status switches to Pending. The panel shows instructions to create a CNAME for _acme-challenge.<domain> pointing into your tech zone (e.g., acme.puqcloud.com).
Once the CNAME resolves, issuance starts automatically. When finished, the card turns Active and shows all metadata/PEMs.

Certificate page — left column fields

Top block (editable in Draft)

Certificate Status (Draft toggle) — draft state.
Auto Renew Days — how many days before expiry to auto-renew (typically 7).
Days Remaining — remaining days until expiry (LE defaults are ~90 days from issue).
Email (ACME account email) and Agree to Terms of Service — required by the CA policy.

Domain & Organization

Domain — CN.
Aliases (SANs) — additional domains/subdomains, one per line.
Wildcard — *.domain (works with DNS-01 and “Allow wildcard” enabled in the CA profile).
Email (contact) — certificate contact (may differ from ACME account email, if present).
Organization / Organizational Unit / Country / State / Locality — subject fields (as required by policy).

CA / Crypto / Metadata

Certificate Authority — selected profile (read-only once active).
Module = PUQ ACME — issuance module.
Key Size, Signature Algorithm — set/visible after CSR/issuance.
Issued At / Expires At / CSR Valid From / Renewed At — lifecycle timestamps.
Issuer — e.g., Let’s Encrypt / Let’s Encrypt Staging.
Serial Number (DEC/HEX), Fingerprints (MD5/SHA1/SHA256) — identifiers.
Certificate PEM / Private Key PEM / CSR PEM — PEM blocks.

Actions

Generate CSR — create CSR + private key (mandatory before issuance).
Change Status — service actions.
Save — persist form changes (no CA interaction).

In Draft, the upper part of the left column is editable; after issuance, many fields become read-only.

Workflow: statuses & transitions

Draft
- Edit primary fields (domain, SANs, email, ToS, auto-renew threshold).
- Save only stores data; no key/CSR is created.
Generate CSR
- Creates CSR and Private Key (encrypted; visible only on this page).
- Crypto fields/PEM blocks appear.
Pending (CNAME → tech zone)
- The panel displays the exact CNAME instruction for _acme-challenge.<domain> → into your tech zone.
- As soon as the CNAME resolves, the panel continues issuance (DNS-01).
Active
- Certificate is issued; Certificate PEM is available; a success panel shows “Certificate is active!”.
- Days Remaining and Auto Renew operate; crypto/metadata are filled.
Expired / Error / Revoked
- Expired — reissue/renew required.
- Error — check logs/CA setup/DNS path.
- Revoked — revoked per CA policy.

Auto-renewal

Controlled by Auto Renew Days (e.g., 7).
The panel tracks Days Remaining and triggers renewal ahead of expiry.
For LE/ZeroSSL via DNS-01, ensure your CNAME and tech zone remain intact.

Importing an existing certificate (if used)

Open SSL Certificates → + Import (or equivalent).
Paste CRT / Private Key / CA Bundle in PEM.
Save and verify validity/expiry.
Configure Auto Renew manually if needed (imports are usually not tied to ACME).

Key security

The private key is created at Generate CSR, encrypted in the database, and never shown outside this certificate page.
Visibility follows your role-based access.
Export a secure copy and store it in your organization’s secret vault.

Troubleshooting

Symptom	Likely cause	Fix
Stuck in Pending	CNAME not resolving / wrong target	Verify `_acme-challenge.<domain>` name and target in tech zone; wait for TTL.
Issuance doesn’t start	CSR not generated	Click Generate CSR, then follow CNAME steps.
No “Certificate is active!” after CNAME	DCV incomplete / CA error	Check logs; ensure the tech zone is publicly resolvable.
Auto-renew doesn’t trigger	Bad Auto Renew Days or broken CNAME	Use a sensible threshold (e.g., 7) and verify CNAME/tech zone.
PEM mismatch on import	Key/cert pair doesn’t match	Import the correct pair or reissue.

Certificate Authorities — profiles, tech zone, TTL, EAB.
DNS Manager — manage your tech zone and verify _acme-challenge resolution.
Notifications — expiry and operational alerts.

Login Page

Dashboard and Menu Overview

Clients: Manage Clients Overview

Clients: Manage Users Overview

Products: Manage Products Overview

Products: Product Groups Overview

Monitoring: Task Queue Overview

Monitoring: Admin Sessions Overview

Monitoring: Activity Log Overview

Monitoring: Module Log Overview

Monitoring: Notification History Overview

Staff: Admins Management Overview

Staff: Managing Administrator Groups Overview

Automation: Scheduler Overview

Automation: Horizon Overview

Email & Notifications: Notification Senders Overview

Email & Notifications: Notification Layouts Overview

Email & Notifications: Notification Templates

General: General Settings

General: Countries

General: Currencies

Manage Dashboard

Create and manage Clients

Create and manage users

Transactions Page

Create and manage a Home Company

Create and manage Tax Rules

Create and Manage a Product

Create and Manage Product Groups

Create and Manage an Attribute Group

Create and Manage Product Option Groups

Check and manage Task Queue

Check and manage Admin Sessions

Check and manage Client Sessions

Check and manage Activity Log

Check and manage Module Log

Check and manage Notification History

Create & Manage Administrators

Create & Manage Administrator Groups

Manage scheduler in the Admin Area

Manage Notification Senders in the Admin Area

Manage Notification Layouts in the Admin Area

Manage Notification Templates (Admin Area)

Manage General on Admin Area

Сheck Countries in the Admin Area

Create and manage Currencies in the Admin Area

SSL Manager - Certificate Authorities

SSL Manager - SSL Certificates

Manage the Client Area Dashboard

Manage Your Profile in the Client Area

Manage Invoices in the Client Area

Check Transactions in the Client Area

Account & Security: manage profile, password, verification, and 2FA

SSL Manager - SSL Certificates

PUQcloud Panel

Order Now | Download | FAQ

Overview

What you can do

Certificates list

Create a certificate (step-by-step)

Certificate page — left column fields

Top block (editable in Draft)

Domain & Organization

CA / Crypto / Metadata

Actions

Workflow: statuses & transitions

Auto-renewal

Importing an existing certificate (if used)

Key security

Troubleshooting

Related

No Comments