doctl compute certificate create

Generated on 28 March 2025 from doctl v1.124.0 ( f218d20 )

Usage

doctl compute certificate create [flags]

Aliases

Description

Creates a new Let’s Encrypt certificate or adds an existing custom certificate to your team. There are two supported certificate types: Let’s Encrypt certificates, and custom certificates.

Let’s Encrypt certificates are free, auto-renewed and managed for you by DigitalOcean.

To create a Let’s Encrypt certificate, you need to add the domain(s) to your account at using the DigitalOcean control panel, or via doctl compute domain create, then provide a certificate name and a comma-separated list of the domain names you’d like to associate with the certificate:

doctl compute certificate create --type lets_encrypt --name mycert --dns-names example.org

To upload a custom certificate, you need to provide a certificate name, the path to the certificate, the path to the certificate’s private key, and the path to the certificate chain, all in PEM format:

doctl compute certificate create --type custom --name mycert --leaf-certificate-path cert.pem --certificate-chain-path fullchain.pem --private-key-path privkey.pem

Flags

Option	Description
`--certificate-chain-path`	The path on your local machine to a full PEM-formatted trust chain between the certificate authority’s certificate and your domain’s SSL certificate.
`--dns-names`	Comma-separated list of domains for which the certificate will be issued. The domains must be managed using DigitalOcean’s DNS.
`--help` , `-h`	Help for this command
`--leaf-certificate-path`	The path on your local machine to a PEM-formatted public SSL certificate.
`--name`	A user-specified name for the certificate. (required)
`--private-key-path`	The path on your local machine to a PEM-formatted private-key corresponding to the SSL certificate.
`--type`	The type of certificate, `custom` or `lets_encrypt`.

Command	Description
doctl compute certificate	Display commands that manage SSL certificates and private keys

Global Flags

Option	Description
`--access-token`, `-t`	API V2 access token
`--api-url`, `-u`	Override default API endpoint
`--config`, `-c`	Specify a custom config file Default: macOS: `${HOME}/Library/Application Support/doctl/config.yaml` Linux: `${XDG_CONFIG_HOME}/doctl/config.yaml` Windows: `%APPDATA%\doctl\config.yaml`
`--context`	Specify a custom authentication context name
`--http-retry-max`	Set maximum number of retries for requests that fail with a 429 or 500-level error Default: `5`
`--http-retry-wait-max`	Set the minimum number of seconds to wait before retrying a failed request Default: `30`
`--http-retry-wait-min`	Set the maximum number of seconds to wait before retrying a failed request Default: `1`
`--interactive`	Enable interactive behavior. Defaults to true if the terminal supports it (default false) Default: `false`
`--output`, `-o`	Desired output format [text\|json] Default: `text`
`--trace`	Show a log of network activity while performing a command Default: `false`
`--verbose`, `-v`	Enable verbose output Default: `false`

Was this page helpful? Thank you!

Give Feedback

In this article...