1. Create an enrollment

Here, we'll walk you through how to create a domain-validated certificate enrollment that uses Let's Encrypt as the certificate authority and ​Akamai​'s secure Standard TLS network. This is relatively easy to set up, it's available to all ​Akamai​ delivery customers, and it applies to most delivery scenarios.

Get backup contact information

You need a technical contact, outside your organization. This should be the person from your ​Akamai​ account team that you work closest with. Both your local administrator contact and this technical contact will receive communications while the certificate is being validated. Talk to your ​Akamai​ account team to get:

  • A first and last name
  • A valid, ​Akamai​ domain email address
  • A phone number

Reach out to your ​​Akamai​​ account team for help with this.

Get your contractId

A certificate enrollment is one of the many "objects" that you create and manage via your ​Akamai​ contract. To create a new enrollment, you need the unique identifier that ​Akamai​ generates for your contract. You can get this value using the list contract operation in PAPI.

PAPI: List contracts
Open Recipe

Create the enrollment

Now, you can use the CPS API to generate a new enrollment. Use the contractId provided by the response from the Get your contractId call in PAPI.

2. Validate the certificate

At this phase, you need the certificate authority (Let's Encrypt) to validate your enrollment request. There are a few ways you can do this, but they require interaction with your DNS. The method we cover here is self-service. You'll apply a token in a file and add it to your site or app.

Get tokens for your site

Any operation that updates or creates something in the CPS API is referred to as a "change." Here, you review the change that was created for your enrollment and store some data from the response. You'll use this data to add the tokens used for validation.

Add tokens to your site

Use the values you stored from the Get a change operation to create an HTML file and store it on your site:

  • responseBody. Use a text editor to create a file and include this as the content of the file.

  • token. This is the name of the file. Save it using the .html extension.

  • fullPath. Note the subdirectories after the domain. Create this same path on your site and save the html file you created in this path.

If you've included multiple domains (SANs) in your enrollment, repeat this same process for each one.

Wait for CPS

The last phase is automated. CPS will periodically check for the tokens on your site and ask Let's Encrypt to complete the validation. Once this happens, the administrator you set up when you created your enrollment will receive an email confirmation.

You're ready to go!

Other certificate methods

While it works for this basic tutorial, a domain-validated Standard TLS certificate may not fit your needs.


Enhanced TLS

Do requests for your content require the exchange of personally identifiable information (PII)? If they do, you’ll need the heightened protection offered with Enhanced TLS.

The Default Certificate (“Secure by Default”)

This is a separate method that automates the creation of a secure certificate–either Standard TLS or Enhanced TLS. Currently, it’s in limited availability.

Non-secure HTTP

Secure hypertext transfer protocol (HTTPS) has become the standard for access on the Internet. While non-secure HTTP is still supported, it's not recommended.