Do you want to install SSL on the DigitalOcean Droplet?
SSL certificate encrypts the sensitive information sent over the Internet, thereby ensuring trust to the website visitors.
DigitalOcean allows the users to add new self-signed certificates or to upload an already existing certificate to it.
At Bobcares, we often get requests to install SSL on DigitalOcean droplets, as a part of our DigitalOcean Managed Services.
Today, our Support Engineers will give a quick guide on how we do it.
Different options to install SSL on DigitalOcean
The SSL certificates allow web servers to encrypt the traffic. Additionally, it provides a way to validate server identity to visitors.
The DigitalOcean control panel allows its users to either add a new certificate from Let’s Encrypt or upload an existing certificate.
Now we’ll have a look at the certificate providers.
Let’s Encrypt is a free and trusted certificate provider. DigitalOcean allows us to automatically add a certificate to the domain. This is a self-signed certificate.
These certificates are valid for just 90 days. Afterward, the user can renew it. Hence small website owners often opt for the self-signed certificate.
But, larger website owners with higher traffic prefer paid certificates that have extended validity. The major advantage of a paid SSL certificate is that it doesn’t show a warning message to the website visitors.
Some popular certificate providers include GoDaddy, Namecheap, etc.
How to install SSL on a Droplet?
Now we will see the steps to add the free SSL certificate from Let’s Encrypt and paid certificate from other CAs.
Using Let’s Encrypt to secure the domain
Let’s Encrypt provides free SSL for domains. DigitalOcean does support this, but the DNS must be with them. So a user can use free SSL if the nameservers of the domain are with DigitalOcean.
To change the nameservers, the domain owners can contact the registrar. Now let’s see the steps to add the Let’s Encrypt certificate for the domain.
- First login to the DigitalOcean control panel. Here select ACCOUNT >> Security from the side panel.
- Next under the section Certificates choose the tab Add Certificate. Here select the tab Use Let’s Encrypt and add the domain from the list.
- If the domain is not listed click on + Add new domain. This shows a warning to change the nameservers. So click Yes and continue.
- Next enter the domain name and subdomain if any. Also, provide a name for the certificate.
- Finally, click on the Generate certificate.
The Add Certificate window appears as,
Adding already existing certificate
Some users will already have paid certificates for their domain. In this case, other providers can manage the DNS. In such cases, we can add them to the DigitalOcean droplet. Let’s see the steps for this.
- First, select the option Add Certificate from the Security option as before. Here, we select the tab Bring your own certificate.
- Now add the Name for the certificate.
- Next, paste the public key in the Certificate option.
- Then paste the Private key and Certificate chain respectively.
- Finally, Save the SSL Certificate.
Now we have the certificates added to the DigitalOcean in either of the ways. Next, we have to force the HTTP connection to HTTPS. Usually, we check the web server and modify the rewrite rule accordingly.
[Need assistance in managing DigitalOcean droplet? – We can help you.]
So far we saw the ways to install SSL on DigitalOcean Droplet. SSL enables HTTPS protocol which secures the connection between a browser and a web server. Today we saw how our Support Engineers do this.