Provides a DigitalOcean Certificate resource that allows you to manage certificates for configuring TLS termination in Load Balancers. Certificates created with this resource can be referenced in your Load Balancer configuration via their ID. The certificate can either be a custom one provided by you or automatically generated one with Let’s Encrypt.
resource "digitalocean_certificate" "cert" {
name = "custom-terraform-example"
type = "custom"
private_key = file("/Users/terraform/certs/privkey.pem")
leaf_certificate = file("/Users/terraform/certs/cert.pem")
certificate_chain = file("/Users/terraform/certs/fullchain.pem")
}
resource "digitalocean_certificate" "cert" {
name = "le-terraform-example"
type = "lets_encrypt"
domains = ["example.com"]
}
Both custom and Let’s Encrypt certificates can be used with other resources
including the digitalocean_loadbalancer
and digitalocean_cdn
resources.
resource "digitalocean_certificate" "cert" {
name = "le-terraform-example"
type = "lets_encrypt"
domains = ["example.com"]
}
# Create a new Load Balancer with TLS termination
resource "digitalocean_loadbalancer" "public" {
name = "secure-loadbalancer-1"
region = "nyc3"
droplet_tag = "backend"
forwarding_rule {
entry_port = 443
entry_protocol = "https"
target_port = 80
target_protocol = "http"
certificate_name = digitalocean_certificate.cert.name
}
}
The following arguments are supported:
name
- (Required) The name of the certificate for identification.type
- (Optional) The type of certificate to provision. Can be either
custom
or lets_encrypt
. Defaults to custom
.private_key
- (Optional) The contents of a PEM-formatted private-key
corresponding to the SSL certificate. Only valid when type is custom
.leaf_certificate
- (Optional) The contents of a PEM-formatted public
TLS certificate. Only valid when type is custom
.certificate_chain
- (Optional) The full PEM-formatted trust chain
between the certificate authority’s certificate and your domain’s TLS
certificate. Only valid when type is custom
.domains
- (Optional) List of fully qualified domain names (FQDNs) for
which the certificate will be issued. The domains must be managed using
DigitalOcean’s DNS. Only valid when type is lets_encrypt
.The following attributes are exported:
id
- The unique name of the certificateuuid
- The UUID of the certificatename
- The name of the certificatenot_after
- The expiration date of the certificatesha1_fingerprint
- The SHA-1 fingerprint of the certificateCertificates can be imported using the certificate name
, e.g.
terraform import digitalocean_certificate.mycertificate cert-01