Question
Self Signed Cert behind Digital Ocean Load Balancer
- Posted on April 20, 2024
- DigitalOcean Managed Load Balancers
Asked by Andrew Grothe
If I use the SSL Termination on the DO load balancer, but my app also requires SSL, can I run with a self signed certificate and the load balance accept that?
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
Become a contributor for community
Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.
DigitalOcean Documentation
Full documentation for every DigitalOcean product.
Resources for startups and SMBs
The Wave has everything you need to know about building a business, from raising funding to marketing your product.
The developer cloud
Scale up as you grow — whether you're running one virtual machine or ten thousand.
Get started for free
Sign up and get $200 in credit for your first 60 days with DigitalOcean.*
*This promotional offer applies to new accounts only.
Hi there,
When load balancing encrypted web traffic, there are two main configuration choices:
SSL termination, which decrypts SSL requests at the load balancer and sends them unencrypted to the backend via the Droplets’ private IP addresses.
SSL passthrough, which sends encrypted SSL requests directly to the backend, via the Droplets’ private IP addresses. This secures the traffic between the load balancers and the backend servers.
If your backend services needs receive encrypted traffic, you would need to setup SSL passthrough. In this case, what you could do is, instead of using a self-signed certificate, you can use a Let’s Encrypt SSL certificate:
Let me know if this works for you!
Best,
Bobby