Let's Encrypt (LE) is a Certificate Authority (CA) that issues free certificates to the public. It provides a set of API and CLI tools to help you apply for and renew certificates automatically. If you want a certificate to cover one or more hostnames, you must prove to LE that you are the owner of all the hostnames. LE provides several ways (or "challenges") for you to prove ownership. Currently, CDN Pro supports the "HTTP-01 challenge." To pass the challenge, you must make sure that all hostnames using the certificate are already pointed (through CNAME records) to a CDN Pro edge hostname. Otherwise, some challenge requests from LE may go to undesired destinations.
To use the CDN Pro auto-renew feature, you need an initial certificate to "bootstrap" the process. If you don't want your current service to be interrupted, make sure this initial certificate is a valid one so your clients' browsers won't complain. Otherwise you can simply use the portal to generate a self-signed certificate for this purpose. The content of the certificate, such as common name or subject alternate names (SAN), is not important. The auto-renew process will populate the new certificate with the correct content.
The following procedure describes how to use the auto-renew feature:
Note: The property cannot contain wildcard characters in the hostname because HTTP-01 challenges do not support wildcard domains.