How to Manage SSL Certificates on DigitalOcean Teams

Some product features, like load balancer SSL termination and custom Spaces CDN endpoints, require SSL certificates. You can view and manage your team’s SSL certificates from the control panel.

In the left menu, click Settings, then click the Security tab to go to the team security page. The Certificates for Load Balancers and Spaces section lists information about any existing certificates, like their names, SHA1 fingerprints, and expiry dates.


Add Certificates

To add a new certificate to your team, click Add Certificate to open the New Certificate window.


There are two options for how to add a new certificate:

  • Let’s Encrypt lets you create a fully-managed SSL certificate. Choose this option if you want us to create a new certificate that we automatically renew on your behalf.

  • Bring your own certificate lets you upload an existing certificate. Choose this option if you want to upload a custom certificate or certificate from a commercial certificate authority. You are responsible for manually updating this certificate when it expires.

If you manage your domain with DigitalOcean DNS, you can choose the Let’s Encrypt option to create a new, fully-managed SSL certificate. We create and automatically renew this certificate for you.

Select the domain you want to use, then select a subdomain option:

  • All subdomains (wildcard): Create a wildcard certificate that secures the domain’s apex and any subdomains that do not have existing DNS records defined.

  • Select an existing subdomain: Create a certificate that secures the domain’s apex and only selected subdomains.

We do not create or change DNS records for subdomains. If your subdomains do not already point at the load balancer, you need to add DNS records for them.

Finally, enter a name for the certificate, then click Generate Certificate.

If you want to upload an existing certificate, or if you prefer to manage your DNS with another provider and want to generate your own, choose Bring your own certificate.

You need to fill in four fields:

  • Certificate name. This is a name you choose to identify the certificate in the DigitalOcean interface. It can only contain letters, numbers, periods, and dashes.

  • Certificate. This is the actual SSL public key or certificate file.

  • Private key. This is the secret key associated with the certificate.

  • Certificate chain. This is the full trust chain between the trusted certificate authority’s certificate and your domain’s certificate.

After you fill out these fields, click Save SSL Certificate.
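
Before pasting the certificate and private key into the form, you can check locally that they belong together and note the SHA1 fingerprint and expiry date to compare against the certificate list. The script below is an added example, not DigitalOcean tooling; it assumes the `openssl` command is installed, PEM-encoded files with an unencrypted private key, and a 30-day warning threshold chosen for illustration.

```shell
#!/bin/sh
# Added example: local pre-upload checks for "Bring your own certificate".
# Nothing here contacts DigitalOcean; file paths are passed as arguments.

# Succeeds only if the public key derived from the private key is identical
# to the public key embedded in the certificate.
key_matches_cert() (   # usage: key_matches_cert CERT.pem KEY.pem
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || exit 2
  key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || exit 2
  # Reject empty output so two failed reads never count as a match.
  [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
)

# SHA1 fingerprint as 40 lowercase hex characters. Compare it with the value
# in the certificate list, ignoring case and separators.
cert_sha1_fingerprint() {   # usage: cert_sha1_fingerprint CERT.pem
  openssl x509 -in "$1" -noout -fingerprint -sha1 |
    cut -d= -f2 | tr -d ':' | tr 'A-F' 'a-f'
}

# Succeeds if the certificate is still valid DAYS days from now.
valid_for_days() {     # usage: valid_for_days CERT.pem DAYS
  openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

preflight() {          # usage: preflight CERT.pem KEY.pem
  key_matches_cert "$1" "$2" || {
    echo "FAIL: private key does not match certificate" >&2
    return 1
  }
  # 30 days is an assumed threshold; uploaded certificates are not renewed for you.
  valid_for_days "$1" 30 || echo "WARN: certificate expires within 30 days" >&2
  echo "subject: $(openssl x509 -in "$1" -noout -subject)"
  echo "expires: $(openssl x509 -in "$1" -noout -enddate | cut -d= -f2)"
  echo "sha1:    $(cert_sha1_fingerprint "$1")"
}

# Run the checks only when a certificate and key path are supplied.
if [ "$#" -ge 2 ]; then preflight "$1" "$2"; fi
```

A mismatched key makes `preflight` stop with a non-zero status before anything is printed, so the script can gate an upload step in automation.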

Delete Certificates

To delete a certificate from your account, first remove it from any Spaces buckets or DigitalOcean Load Balancers it is attached to. Then, click the to the right of the certificate, then click Delete.

In the window that opens, enter the name of the certificate and click Delete Certificate.