How to add SSL certificate (with files .ca-bundle, .crt and .p7b) to a droplet?

Posted November 9, 2020 974 views
NginxUbuntuSecurityInitial Server Setup

I purchased an SSL certificate from Sectigo and want to use it in my droplet.
I received three files from Sectigo:

When I try to add them to my droplet from Account -> Settings -> Security -> Add Certificate
Digital Ocean asks for the following:

  • certificate
  • private key
  • chain certificate

I tried to put *.crt file content in the certificate, *.p7b file in private key, and *.ca-bundle in chain certificate, but I got the error message “Invalid certificate data: The provided certificate or private key is not a valid PEM block”

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Submit an Answer
1 answer

the private key is the key that was created when you generated the CSR as per the instructions on digital ocean’s “how to install an ssl certificate from a commercial certificate authority”. After you input the CSR code at the providers site, (for e.g. at NameCheap you have to cut and paste the CSR code on their site) they create the SSL certificate and send it to you.

Out of the three files they send, the file ending in “crt” is the certificate.
I think the ca-bundle is the chain certificate, but I’m not sure if it will work if you have the ca-bundle filetype or whether you need to change it to crt. I have no idea about that one.