2026 Tengxun Cloud Free SSL Certificate Application New Rules and Nginx/Apache One-Click Deployment Guide
Starting in mid -2024, mainstream global CA institutions (such as TrustAsia) have made major adjustments to their free certificate strategy, and Tengxun Cloud has fully synchronized this new rule. If you are still using the old tutorial or think that the free certificate can last for one year, you will definitely step on the pit.
This article does not talk about the virtual, directly take you through the 2026 latest rules, and hand-in-hand teach you to arrange the certificate to Nginx and Apache servers.
Core changes: 2026 free SSL certificate new circumvention pit guide
Before you start, you must first understand the current rules, otherwise your website may be "paralyzed" at any time because of the expiration of the certificate ".
The validity period has been shortened to 3 months (90 days): the past "one year for one" bonus is completely over. Now a single free certificate is only valid for 90 days, whether it is a new application or a renewal. This means that you need to operate at least 4 certificate updates in a year.
The total number of accounts is 50: regardless of personal or enterprise accounts, the maximum number of free certificates is adjusted to 50.
Remove domain name binding restrictions: The good news is that the new regulations remove the limit of "up to 20 applications for the same main domain name". Now you can apply for free certificates for any subdomain name and are no longer bound by the main domain name quota.
Survival suggestion: Because the 90-day validity period is very short, it is strongly recommended to check the "automatic renewal" service (if supported by the cloud vendor console) when applying, or configure an automatic update script (such as Certbot) on the server side, otherwise manual maintenance will make people crazy.
Phase 1: Tencent Cloud Free SSL Certificate Application
Log in to the Tengxun cloud console, enter "SSL certificate" in the search bar at the top and enter.
Click "Request a free certificate" (usually on the shortcut or above the certificate list).
Fill out the application form:
Certificate-bound domain name
: Enter your specific domain name, such as [www.yourdomain.com] (https://www.yourdomain.com) or the root domain name yourdomain.com (Note: The free certificate is a single-domain certificate and does not support the pan-domain name * .yourdomain.com).
Domain Name Verification Method: Automatic DNS Verification is preferred ". If your domain name is hosted under the current Tengxun cloud account, the system will automatically add a resolution record for you and issue it automatically in a few minutes without manual intervention.
After submitting the application, wait patiently for 5-10 minutes. Refresh the list and see that the status changes to "Issued" and click "Download" on the right ".
In the pop-up download page, select according to your server environment. Here we download the Nginx and Apache compression packages respectively and decompress them to the local standby.
Phase II: One-click deployment of HTTPS in the Nginx environment
Decompress the downloaded Nginx certificate compression package, and you will get four files. We
Only two of them are required: yourdomain.com_bundle.crt
(Certificate File)
yourdomain.com.key (private key file)
1. Upload Certificate
Connect to the server through SSH tools (such as Xshell and Termius) and create a new folder dedicated to storing certificates in the configuration directory of Nginx:
Bash
mkdir -p /etc/nginx/ssl
Upload the preceding two files to the directory through SFTP.
2. Modify the Nginx configuration file
Find your website profile (usually in
/etc/nginx/nginx.conf
or
/etc/nginx/conf.d/
under a certain
.conf
file).
will put
server
Block modification or addition to the following:
3. Test and restart
Before reloading the configuration,
Must
Check for syntax errors:
Bash
nginx -t
If displayed
syntax is ok
and
test is successful
, directly make the configuration effective:
Bash
nginx -s reload
Phase 3: One-click deployment of HTTPS in the Apache environment
Decompress the Apache certificate package and you will get three files:
yourdomain.com_bundle.crt (certificate file)
yourdomain.com.key (private key file)
yourdomain.com_chain.crt (certificate chain file)
Similarly, under the Apache configuration directory (e. g.
/etc/httpd/
or
/etc/apache2/
1) New
ssl
folder and upload these three files.
1. Open the SSL module
For Ubuntu/Debian systems, execute:
Bash
sudo a2enmod ssl
If it is a CentOS system, you need to install the module:
Bash
sudo yum install mod_ssl
2. Modify the Apache configuration file
Find Apache's SSL configuration file (usually.
/etc/httpd/conf.d/ssl.conf
or
/etc/apache2/sites-available/default-ssl.conf
), in
<VirtualHost _default_:443>
Modify or add the following path in the block:
<VirtualHost _default_:443>
DocumentRoot "/var/www/html"# your website root
ServerName yourdomain.com:443# Change to your domain name
# Turn on SSL
SSLEngine on
# Configure the three-element path of the certificate
SSLCertificateFile /etc/httpd/ssl/yourdomain.com_bundle.crt
SSLCertificateKeyFile /etc/httpd/ssl/yourdomain.com.key
SSLCertificateChainFile /etc/httpd/ssl/yourdomain.com_chain.crt
# Security Protocol Restrictions
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite HIGH :! aNULL:! MD5:! 3DES
</VirtualHost>
Restart the Apache service
After saving and exiting, restart the service to make the configuration take effect:
CentOS: systemctl restart httpd
Ubuntu: systemctl restart apache2
The fourth stage: on-line verification and pit avoidance inspection
After the configuration is complete, open the browser and directly enter [https:
//yourdomain.com]
(http
s://yourdomain.com)
Check the small green lock: If a "security lock" icon appears on the left side of the address bar, HTTPS deployment is successful.
Check the certificate information: Click on the lock to view the certificate details, and you will find that it is valid for only 90 days.
Check the security group/firewall: if the page cannot be opened, go to the server security group of tengxun console to check whether the 443 port is allowed. If the cloud is released and still cannot be opened, check whether the local firewall (such as iptables or ufw) of the server blocks port 443.
Since the certificate will automatically expire after 90 days, it is recommended that you set an alarm clock after 80 days in your mobile phone calendar.
Or directly consider using the mature automated deployment scripts on the market (such as one-click renewal of the pagoda panel, or hosting through Acme.sh scripts) to completely free your hands.