doctl compute certificate create

Generated on 9 Apr 2025 from doctl version v1.124.0

Usage

doctl compute certificate create [flags]

Aliases

c

Description

Creates a new Let’s Encrypt certificate or adds an existing custom certificate to your team. There are two supported certificate types: Let’s Encrypt certificates, and custom certificates.

Let’s Encrypt certificates are free, auto-renewed and managed for you by DigitalOcean.

To create a Let’s Encrypt certificate, you need to add the domain(s) to your account at using the DigitalOcean control panel, or via doctl compute domain create, then provide a certificate name and a comma-separated list of the domain names you’d like to associate with the certificate:

doctl compute certificate create --type lets_encrypt --name mycert --dns-names example.org

To upload a custom certificate, you need to provide a certificate name, the path to the certificate, the path to the certificate’s private key, and the path to the certificate chain, all in PEM format:

doctl compute certificate create --type custom --name mycert --leaf-certificate-path cert.pem --certificate-chain-path fullchain.pem --private-key-path privkey.pem

Flags

Option Description
--certificate-chain-path The path on your local machine to a full PEM-formatted trust chain between the certificate authority’s certificate and your domain’s SSL certificate.
--dns-names Comma-separated list of domains for which the certificate will be issued. The domains must be managed using DigitalOcean’s DNS.
--help, -h Help for this command
--leaf-certificate-path The path on your local machine to a PEM-formatted public SSL certificate.
--name A user-specified name for the certificate. (required)
--private-key-path The path on your local machine to a PEM-formatted private-key corresponding to the SSL certificate.
--type The type of certificate, custom or lets_encrypt.
Command Description
doctl compute certificate Display commands that manage SSL certificates and private keys

Global Flags

Option Description
--access-token, -t API V2 access token
--api-url, -u Override default API endpoint
--config, -c Specify a custom config file
Default:
    --context Specify a custom authentication context name
    --http-retry-max Set maximum number of retries for requests that fail with a 429 or 500-level error
    Default: 5
    --http-retry-wait-max Set the minimum number of seconds to wait before retrying a failed request
    Default: 30
    --http-retry-wait-min Set the maximum number of seconds to wait before retrying a failed request
    Default: 1
    --interactive Enable interactive behavior. Defaults to true if the terminal supports it (default false)
    Default: false
    --output, -o Desired output format [text|json]
    Default: text
    --trace Show a log of network activity while performing a command
    Default: false
    --verbose, -v Enable verbose output
    Default: false

    We can't find any results for your search.

    Try using different keywords or simplifying your search terms.