Installing Netlify SSL Certificate on Other Servers

Short answer: unless Netlify support has something hidden up its sleeve, no. Your best bet is to install a Let’s Encrypt certificate on the server you manage via certbot or another related tool that can connect to Let’s Encrypt’s Certificate Authority.


Longer answer: Let’s Encrypt certificates are tricky things to manage manually, and even moving to Cloudflare won’t give you the same benefits as having the certificate directly. (more on that below)

As was indicated in the post you linked to, it’s not possible to download or obtain a copy of your SSL cert. Let’s Encrypt is very specific in the way it issues certificates, most commonly through a directory or DNS challenge. These certs are issued with a 90-day, no-exceptions expiration and must be refreshed periodically, so even if you could download the cert, you’d have to constantly reinstall it prior to its expiration.

If your service at api.example.com is hosted on another server you’re managing, is there a reason to not use certbot and have Let’s Encrypt issue a certificate for api.example.com?


On moving to Cloudflare for SSL: You mentioned above that you could just as easily move your DNS to Cloudflare, which is totally doable with Netlify; however, you should be aware that any domains pointing to Netlify should not have traffic routed through Cloudflare (so no orange cloud). Read more about that here: [Common Issue] Why not proxy to Netlify?.

You’ll also need to keep a certificate deployed at Netlify and not at Cloudflare as described here: [Common Issue] Why isn’t my SSL certificate provisioning automatically with Cloudflare & Netlify? Are there other problems with using Cloudflare in front of Netlify?

Lastly, a word of caution on Cloudflare as an SSL provider: without going into too much detail here, Cloudflare provides various levels of SSL support, most of which will allow you to “enable” SSL on your domain without needing a certificate at the origin or having a certificate at the origin, but one that isn’t validated on page load. Even if traffic between an end user and Cloudflare is encrypted by SSL, traffic between Cloudflare and your server won’t be encrypted and will still be subject to man-in-the-middle attacks, potential ISP interference and injection, packet sniffing, etc. Additionally, because Netlify doesn’t support proxying to their servers and Cloudflare requires you to proxy through them in order to issue an SSL certificate, you wouldn’t be able to set up an SSL to umbrella over example.com anyways.

Hope this answered your question.

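Added example (not part of the original reply): a Python check for the 90-day expiry point above, which connects straight to the server with full chain and hostname validation and reports whether renewal is due. The 30-day renewal threshold, the function names and the sample dates are assumptions made for this illustration.

```python
import socket
import ssl
from datetime import datetime, timezone

RENEW_BEFORE_DAYS = 30  # assumption: treat under 30 days remaining as "renew now"


def days_left(not_after: str, now: datetime) -> int:
    """Whole days between `now` and a getpeercert()-style notAfter string."""
    expires = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(not_after), tz=timezone.utc
    )
    return (expires - now).days


def renewal_status(not_after: str, now: datetime) -> str:
    """Classify a certificate as 'expired', 'renew' or 'ok'."""
    remaining = days_left(not_after, now)
    if remaining < 0:
        return "expired"
    if remaining < RENEW_BEFORE_DAYS:
        return "renew"
    return "ok"


def fetch_not_after(host: str, port: int = 443, timeout: float = 5.0) -> str:
    """Connect directly to the server and return its certificate's notAfter.

    create_default_context() verifies the chain and the hostname, so a
    self-signed or otherwise unvalidated certificate raises
    ssl.SSLCertVerificationError instead of being silently accepted.
    """
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()["notAfter"]


if __name__ == "__main__":
    # Constructed sample values so the example runs offline.
    now = datetime(2024, 3, 1, tzinfo=timezone.utc)
    for sample in ("May 30 00:00:00 2024 GMT",
                   "Mar 20 00:00:00 2024 GMT",
                   "Feb 20 00:00:00 2024 GMT"):
        print(sample, "->", renewal_status(sample, now))
    # Live check (needs network access to the server itself):
    # renewal_status(fetch_not_after("api.example.com"), datetime.now(timezone.utc))
```

Run the live check against the server's own address rather than through a proxy, so the certificate being validated is the one installed at the origin.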