All that is required to publish an SSL certificate is a private key, and there can be many associated with a single domain. Netlify’s SSL certificate issuance is an integrated solution that uses Netlify DNS to generate and validate a certificate, so you’d need to switch DNS to use it. However, you do not need to use Netlify’s integrated solution: there is also the “Set custom certificate” option.
Therefore, you can generate an SSL certificate with a third-party service (whether that’s paid or free), validate it (using DNS on your current architecture), and then upload it to Netlify. A shortcut would be to use your current production SSL certificate (just grab the certificate and private key from your infrastructure), but it’s possible you can’t easily extract it.

- Generate a certificate for your domain, using the current architecture to validate the certificate (either using Let’s Encrypt or purchasing from somewhere like SSLs.com)
- Upload the “Certificate” and “Private Key” via “Set custom certificate” in the Netlify dashboard
- Done! You now have 2 different systems, both with valid SSL certificates for your domain

Then, once you’ve switched your DNS over to Netlify and all traffic is being routed to Netlify, you can switch from a custom certificate to a Netlify managed certificate – as long as you do it before your custom certificate expires, there’ll be no interruption of service.
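
Before the upload step, it helps to check locally that the certificate and private key belong together, that the certificate covers the domain, and that it will outlive the DNS switch. This is an added example, not part of the original answer or Netlify's tooling; it assumes the `openssl` CLI (1.1.1 or later) and an unencrypted PEM key, the function names are hypothetical, and the self-signed pair for `example.com` is constructed sample input.

```shell
#!/usr/bin/env bash
# Pre-upload checks for a custom certificate (added example; needs the openssl CLI).

# The public key embedded in the certificate must equal the one derived from the key.
cert_matches_key() {
  local from_cert from_key
  from_cert=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  from_key=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
  [ -n "$from_cert" ] && [ "$from_cert" = "$from_key" ]
}

# The certificate's names (SAN, or CN as fallback) must cover the hostname.
cert_covers_host() {
  openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null \
    | grep -q 'does match certificate'
}

# The certificate must still be valid MIN_DAYS from now (time left for the DNS switch).
cert_valid_for_days() {
  openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

preflight() {  # usage: preflight CERT KEY HOSTNAME MIN_DAYS
  cert_matches_key "$1" "$2"    || { echo "FAIL: private key does not match certificate"; return 1; }
  cert_covers_host "$1" "$3"    || { echo "FAIL: certificate does not cover $3"; return 1; }
  cert_valid_for_days "$1" "$4" || { echo "FAIL: certificate expires within $4 days"; return 1; }
  echo "OK: certificate and key are ready to upload for $3"
}

# Constructed sample input: a throwaway self-signed pair (not a real production cert).
make_demo_pair() {  # usage: make_demo_pair DIR HOSTNAME VALID_DAYS
  openssl req -x509 -newkey rsa:2048 -nodes -days "$3" -subj "/CN=$2" \
    -addext "subjectAltName=DNS:$2" \
    -keyout "$1/key.pem" -out "$1/cert.pem" >/dev/null 2>&1
}

demo_dir=$(mktemp -d)
make_demo_pair "$demo_dir" example.com 30
preflight "$demo_dir/cert.pem" "$demo_dir/key.pem" example.com 14
rm -rf "$demo_dir"
```

For a real upload, call `preflight` with your own certificate and key paths, and set `MIN_DAYS` to at least the time you expect the DNS migration to take.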