doctl compute certificate create
Generated on 9 Apr 2025
from doctl version
v1.124.0
Usage
doctl compute certificate create [flags]Aliases
cDescription
Creates a new Let’s Encrypt certificate or adds an existing custom certificate to your team. There are two supported certificate types: Let’s Encrypt certificates, and custom certificates.
Let’s Encrypt certificates are free, auto-renewed and managed for you by DigitalOcean.
To create a Let’s Encrypt certificate, you need to add the domain(s) to your account at using the DigitalOcean control panel, or via doctl compute domain create, then provide a certificate name and a comma-separated list of the domain names you’d like to associate with the certificate:
doctl compute certificate create --type lets_encrypt --name mycert --dns-names example.org
To upload a custom certificate, you need to provide a certificate name, the path to the certificate, the path to the certificate’s private key, and the path to the certificate chain, all in PEM format:
doctl compute certificate create --type custom --name mycert --leaf-certificate-path cert.pem --certificate-chain-path fullchain.pem --private-key-path privkey.pem
Flags
| Option | Description |
|---|---|
--certificate-chain-path |
The path on your local machine to a full PEM-formatted trust chain between the certificate authority’s certificate and your domain’s SSL certificate. |
--dns-names |
Comma-separated list of domains for which the certificate will be issued. The domains must be managed using DigitalOcean’s DNS. |
--help, -h |
Help for this command |
--leaf-certificate-path |
The path on your local machine to a PEM-formatted public SSL certificate. |
--name |
A user-specified name for the certificate. (required) |
--private-key-path |
The path on your local machine to a PEM-formatted private-key corresponding to the SSL certificate. |
--type |
The type of certificate, custom or lets_encrypt. |
Related Commands
| Command | Description |
|---|---|
| doctl compute certificate | Display commands that manage SSL certificates and private keys |
Global Flags
| Option | Description |
|---|---|
--access-token, -t |
API V2 access token |
--api-url, -u |
Override default API endpoint |
--config, -c |
Specify a custom config file Default: |
--context |
Specify a custom authentication context name |
--http-retry-max |
Set maximum number of retries for requests that fail with a 429 or 500-level error
Default: 5 |
--http-retry-wait-max |
Set the minimum number of seconds to wait before retrying a failed request
Default: 30 |
--http-retry-wait-min |
Set the maximum number of seconds to wait before retrying a failed request
Default: 1 |
--interactive |
Enable interactive behavior. Defaults to true if the terminal supports it (default false)
Default: false |
--output, -o |
Desired output format [text|json] Default: text |
--trace |
Show a log of network activity while performing a command Default: false |
--verbose, -v |
Enable verbose output Default: false |