Setting up your domain name, Droplets, DigitalOcean Load Balancer, and Let’s Encrypt certificates in the following order will give you the most direct route to success.
You can use load balancers and Droplets by IP address, without assigning a domain name. To use Let’s Encrypt certificates, however, you’ll need a domain that uses DigitalOcean’s name servers and whose DNS records are managed in the DigitalOcean Control Panel.
We recommend transferring domains in this order:
When you’re done, test the new records are working as expected.
There are several ways you can set up these components, but generally, we recommend this order:
When you’ve added the rule, test that you successfully access your site at the domains securely.
Let’s Encrypt certificates are created and added to your load balancer when you add a forwarding rule for HTTPS or HTTP/2. You can create certificates for
You can configure forwarding rules from the main Create Load Balancer Screen or from an individual load balancer’s Settings page.
To create a certificate, select either HTTPS or HTTP2 from the load balancer’s New rule menu.
When you do, a new certificate dropdown menu appears.
Then, choose +New certificate. The base domain is selected by default.
Then choose the domain:
Select the domain(s) and name the certificate. The name can contain alphanumeric characters, dashes, and periods only.
When you select the base domain, a new A record is automatically created that points to the load balancer. If you already have an A record in place, this means you will have two A records: one pointing to the original location and one pointing to the load balancer. To avoid multiple A records, de-select the base domain.
Records for subdomains are not created or changed automatically, so if they do not already point at the load balancer, you’ll need to update them on the Networking section’s Domains tab.
When you’re ready, click Generate Certificate. While the certificate is being issued, a (pending) status is displayed. Once the certificate has been created, the pending status is removed, and you can save the forwarding rule.
As soon as you save the the forwarding rule, it is active and you can begin testing. If your certificate does not complete, see the Troubleshooting section for tips.
If you have pointed your domain at DigitalOcean’s name servers but you have not yet added it in the control panel, you can also choose to +Add a New Domain. This will automatically import your domain to the control panel, add DNS records, and create the certificates.
We strongly recommend that you add your domain to the DigitalOcean Control Panel prior to changing name servers with your registrar. This helps you avoid disruptions in service by creating matching records on DigitalOcean before you make the name server change, which can take up to 48 hours to take effect.
In addition, making changes in this order eliminates the unlikely possibility that another DigitalOcean account could add your domain and create records, potentially disrupting your web site, mail, or other services.
If you wish to continue:
Choose Add a new certificate.
Choose +Add new domain. You’ll receive a warning that you need to update your Name Servers with your registrar, and be given a choice of Going Back or Continuing.
Enter your domain name.
When you generate the certificate, this domain will be imported into the control panel for you. The base domain is selected by default and cannot be deselected. An
A record pointing to the load balancer’s IP address will be automatically created.
Optionally, create and add one or more subdomains to the certificate.
CNAME records that reference the A record of the base domain will be automatically created.
Name the certificate. The name can contain alphanumeric characters, dashes, and periods only.
Click Generate Certificate. A pending status will be displayed until the certificate has been issued.
Once the certificate has been issued, Save the forwarding rule.