(Optional) Configure a third-party TLS certificate

Last updated 11th May 2021

Objective

Web PaaS automatically provides standard TLS certificates issued by Let's Encrypt to all production instances. No further action is required to use TLS-encrypted connections beyond specifying HTTPS routes in your routes.yaml file.

Alternatively, you may provide your own third party TLS certificate from the TLS issuer of your choice at no charge from us. Please consult your TLS issuer for instructions on how to generate an TLS certificate.

A custom certificate is not necessary for development environments. Web PaaS automatically provides wildcard certificates that cover all *.platform.sh domains, including development environments.

The private key should be in the old style, which means it should start with BEGIN RSA PRIVATE KEY. If it starts with BEGIN PRIVATE KEY that means it is bundled with the identifier for key type.

To convert it to the old-style RSA key:

bash openTLS rsa -in private.key -out private.rsa.key

Adding a custom certificate through the management console

You can add a custom certificate via the Web PaaS management console. In the management console for the project go to Settings and click Certificates on the left hand side. You can add a certificate with the Add button at the top of the page. You can then add your private key, public key certificate and optional certificate chain.

You will need to redeploy the impacted environment(s) for the new certificate to be taken into account.

bash webpaas environment:redeploy

Management console configuration for TLS

Adding a custom certificate through the CLI

Example:

webpaas domain:add secure.example.com --cert=/etc/TLS/private/secure-example-com.crt --key=/etc/TLS/private/secure-example-com.key

See webpaas help domain:add for more information.

Your site should now be live, and accessible to the world (as soon as the DNS propagates).

If something is not working see the troubleshooting guide for common issues. If that doesn't help, feel free to contact support.


Did you find this guide useful?

Please feel free to give any suggestions in order to improve this documentation.

Whether your feedback is about images, content, or structure, please share it, so that we can improve it together.

Your support requests will not be processed via this form. To do this, please use the "Create a ticket" form.

Thank you. Your feedback has been received.


These guides might also interest you...

OVHcloud Community

Access your community space. Ask questions, search for information, post content, and interact with other OVHcloud Community members.

Discuss with the OVHcloud community

In accordance with the 2006/112/CE Directive, modified on 01/01/2015, prices exclude VAT. VAT may vary according to the customer's country of residence.