doctl compute certificate create

Go to Navigation


doctl compute certificate create [flags]




This command allows you to create a certificate. There are two supported certificate types: Let’s Encrypt certificates, and custom certificates.

Let’s Encrypt certificates are free and will be auto-renewed and managed for you by DigitalOcean.

To create a Let’s Encrypt certificate, you’ll need to add the domain(s) to your account at, or via doctl compute domain create, then provide a certificate name and a comma-separated list of the domain names you’d like to associate with the certificate:

doctl compute certificate create --type lets_encrypt --name mycert --dns-names

To upload a custom certificate, you’ll need to provide a certificate name, the path to the certificate, the path to the private key for the certificate, and the path to the certificate chain, all in PEM format:

doctl compute certificate create --type custom --name mycert --leaf-certificate-path cert.pem --certificate-chain-path fullchain.pem --private-key-path privkey.pem


--certificate-chain-pathThe path to a full PEM-formatted trust chain between the certificate authority’s certificate and your domain’s SSL certificate.
--dns-namesComma-separated list of domains for which the certificate will be issued. The domains must be managed using DigitalOcean’s DNS.
--help, -hHelp for this command
--leaf-certificate-pathThe path to a PEM-formatted public SSL certificate.
--nameCertificate name (required)
--private-key-pathThe path to a PEM-formatted private-key corresponding to the SSL certificate.
--typeCertificate type [custom|lets_encrypt]
doctl compute certificateDisplay commands that manage SSL certificates and private keys

Global Flags

--access-token, -tAPI V2 access token
--api-url, -uOverride default API endpoint
--config, -cSpecify a custom config file
  • macOS: ${HOME}/Library/Application Support/doctl/config.yaml
  • Linux: ${XDG_CONFIG_HOME}/doctl/config.yaml
  • Windows: %APPDATA%\doctl\config.yaml
--contextSpecify a custom authentication context name
--output, -oDesired output format [text|json]
Default: text
--traceShow a log of network activity while performing a command
Default: false
--verbose, -vEnable verbose output
Default: false