How to Manage SSL Certificates

Some DigitalOcean services, like load balancer SSL termination and custom Spaces CDN endpoints, require SSL certificates. You can upload or create certificates during setup of the features that need them. You can also upload, create, and remove certificates at any time from your account settings page.

In the main navigation, under Accounts, select Security. The Certificates section lists information about any existing certificates, like their names, SHA1 fingerprints, and expiry dates.

The Certificates section of the Security page

Add Certificates

To add a new certificate to your DigitalOcean account, click Add Certificate. The window that opens has two tabs for the two ways to add a new certificate:

  • Use Let’s Encrypt to create a fully-managed SSL certificate.

  • Bring Your Own Certificate to upload an existing certificate.

The New Certificate window

Use Let’s Encrypt

If you manage your domain with DigitalOcean DNS, you can choose the Use Let’s Encrypt option to create a new, fully-managed SSL certificate. We’ll create and automatically renew this certificate for you.

You cannot currently create wildcard SSL certificates using DigitalOcean’s Let’s Encrypt integration.

Select the domain you want to use, then optionally select any other subdomains to include, either existing or new. Enter a name for the certificate, then click Generate Certificate.

Bring Your Own Certificate

If you want to upload an existing certificate, or if you prefer to manage your DNS with another provider and want to generate your own, choose Bring your own certificate.

Enter the name, certificate, private key, and certificate chain in the respective fields, then click Save SSL Certificate.

Delete Certificates

To delete a certificate, click More and then Delete from the certificate list:

The SSL certificate more menu

The certificate will be removed from your account.