How to Manage SSL Certificates

Some DigitalOcean services, like load balancer SSL termination and custom Spaces CDN endpoints, require SSL certificates. You can upload or create certificates during setup of the features that need them. You can also upload, create, and remove certificates at any time from your account settings page.

In the Account section of the main menu, click Settings, then click the Security tab at the top of the page. The Certificates section lists information about any existing certificates, like their names, SHA1 fingerprints, and expiry dates. If you have not added a certificate before, the section is named Certificates for Load Balancers and Spaces.

The Certificates section of the Security page

Add Certificates

To add a new certificate to your DigitalOcean account, click Add Certificate to open the New Certificate window.

The New Certificate window

This window has two tabs for the two ways to add a new certificate:

  • Use Let’s Encrypt to create a fully-managed SSL certificate. Choose this option if you want us to create a new certificate that we automatically renew on your behalf.

  • Bring Your Own Certificate to upload an existing certificate. Choose this option if you want to upload a certificate you already have and understand that you are responsible for manually updating it when it expires.

If you manage your domain with DigitalOcean DNS, you can choose the Use Let’s Encrypt option to create a new, fully-managed SSL certificate. We’ll create and automatically renew this certificate for you.

You cannot currently create wildcard SSL certificates using DigitalOcean’s Let’s Encrypt integration. Instead, choose the Bring your own certificate option to add custom wildcard certificates.

Select the domain you want to use, then optionally select any other subdomains to include, either existing or new. Enter a name for the certificate, then click Generate Certificate.

Once you have generated the certificate, you can secure Nginx with it.

If you want to upload an existing certificate, or if you prefer to manage your DNS with another provider and want to generate your own, choose Bring your own certificate.

You need to fill in four fields:

  • Name. This is a name you choose to identify the certificate in the DigitalOcean interface. It can only contain letters, numbers, periods, and dashes.

  • Certificate. This is the SSL certificate file itself, which contains your public key.

  • Private key. This is the secret key associated with the certificate.

  • Certificate chain. This is the full trust chain between the trusted certificate authority’s certificate and your domain’s certificate.

After you fill out these fields, click the Save SSL Certificate button.

Once you have added the certificate, you can secure your webserver with it.
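Before saving, you can sanity-check the four Bring Your Own Certificate fields locally. The following is an added example, not DigitalOcean's code: the function names are hypothetical, and the checks are structural only (it does not parse X.509 or confirm that the key matches the certificate). It flags private key material pasted into the Certificate or Certificate chain field and computes the SHA1 fingerprint to compare with the one listed in the Certificates section.

```python
import base64
import hashlib
import re

NAME_RE = re.compile(r"[A-Za-z0-9.-]+")  # letters, numbers, periods, dashes
PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

def pem_blocks(text):
    """Return [(label, base64_body)] for each PEM block found in text."""
    return [(label, "".join(body.split())) for label, body in PEM_RE.findall(text)]

def sha1_fingerprint(cert_pem):
    """SHA1 over the DER bytes of the first PEM block, as lowercase hex."""
    der = base64.b64decode(pem_blocks(cert_pem)[0][1], validate=True)
    return hashlib.sha1(der).hexdigest()

def lint_upload(name, certificate, private_key, chain):
    """Return a list of problems; an empty list means the fields look sane."""
    problems = []
    if not NAME_RE.fullmatch(name):
        problems.append("name: only letters, numbers, periods and dashes allowed")
    cert_labels = [label for label, _ in pem_blocks(certificate)]
    key_labels = [label for label, _ in pem_blocks(private_key)]
    chain_labels = [label for label, _ in pem_blocks(chain)]
    # Key material must only ever appear in the Private key field.
    for field, labels in (("certificate", cert_labels), ("chain", chain_labels)):
        if any(label.endswith("PRIVATE KEY") for label in labels):
            problems.append(f"{field}: contains a private key block")
    if cert_labels != ["CERTIFICATE"]:
        problems.append("certificate: expected exactly one CERTIFICATE block")
    if len(key_labels) != 1 or not key_labels[0].endswith("PRIVATE KEY"):
        problems.append("private key: expected exactly one PRIVATE KEY block")
    if not chain_labels or any(label != "CERTIFICATE" for label in chain_labels):
        problems.append("chain: expected one or more CERTIFICATE blocks")
    return problems

def sample_pem(label, raw):
    """Build a constructed PEM block for the sample inputs below."""
    body = base64.b64encode(raw).decode()
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"

# Constructed placeholders: the bodies are arbitrary bytes, not real X.509 or key data.
LEAF = sample_pem("CERTIFICATE", b"constructed-leaf")
KEY = sample_pem("PRIVATE KEY", b"constructed-key")
CHAIN = sample_pem("CERTIFICATE", b"constructed-intermediate")
```

Call lint_upload with the contents of your own files; a combined .pem that bundles the key with the certificate is the case it is most useful for catching.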

Delete Certificates

To delete a certificate from your account, click More and then Delete from the certificate list:

The SSL certificate more menu