How to Use Custom SSL Certificates

When using your Load Balancer for SSL termination, the SSL certificate, private key, and certificate chain must all be uploaded to your DigitalOcean account. These secrets are placed in a secure, encrypted storage system and are not accessible to anyone, including DigitalOcean staff.

When using custom certificates, you can add the required SSL files during the Load Balancer creation process or ahead of time.

To view and create custom certificates, first click on your user icon in the upper-right corner and select Settings. On the settings page, select Security from the left-hand menu:

DigitalOcean security settings

In the TLS/SSL certificates section, you can see your existing certificates’ names and SHA1 fingerprints. You can find the fingerprint of your certificates to compare it with the value in the Control Panel by running the following command on the machine where the certificate is located:

openssl x509 -noout -sha1 -fingerprint -in certificate_file.pem

To add a new certificate ahead of time, click Add Certificate. You will be prompted to choose a name and then enter the certificate, private key, and certificate chain to continue. These files must be entered in PEM format to be accepted.

DigitalOcean Load Balancer new SSL cert

To delete a certificate, click More and then Delete from the certificate list:

Certificates tab

The certificate will be removed from your account.