[Support Guide] Tips for bringing your own custom SSL certificates to Netlify

Hi there! While it’s not a very common occurrence, you may decide to bring your own custom TLS/SSL certificate to provide HTTPS for your Netlify site. Here are some tips that might be helpful in that instance. Also, our HTTPS (SSL) docs include guidelines on what you’ll need to enter in the Netlify app and where to go to enter it.

If you’re stuck with questions about how to format those items, or you need to work with your external certificate provider to troubleshoot the custom cert, here are some tips on how to format the items you’ll need to enter in the Netlify app and the information they need to contain:

  1. The certificate itself, in X.509 PEM format (usually a .crt file)

    Although a certificate in a PEM format is encrypted, the certificate itself should include Issuer and Subject fields. The Subject field must include a CN (CommonName) attribute with a value of at least one of the names shown in your sites’ Domains settings page. To confirm those values in the Netlify UI, go to your site, then Site settings > Domain management > Domains > Custom domains.

    The PEM-formatted contents of the certificate should start with something like:


    and end with something like:

    -----END CERTIFICATE-----
  2. The private key you used to request the certificate

    The private key should start with something like:

    -----BEGIN PRIVATE KEY-----

    and end with something like:

    -----END PRIVATE KEY-----
  3. A chain of intermediary certificates from your Certificate Authority (CA)

    This should be a single file, but it may be several certificates concatenated together in the file. Note there may be many similar stanzas in the same file, or only one; both ways can be valid. This should start with something like:


    and end with something like:

    -----END CERTIFICATE-----

We hope this helps you get your custom certificate set up successfully - it’s a fairly uncommon circumstance, but can be tricky without guidance.

If you have questions or need more clarity, please comment below!



I installed a custom SSL certificate for our site since 2 of our domains were not provisioned with Let’s Encrypt SSL certificates. I believe this was because those 2 domains are pointing to sites not hosted by Netlify.
It says on the HTTPS panel on the Domain Management tab of Site Settings that they were already HTTPS enabled, but upon checking those 2 are not. Is there anything we should configure further?

Hi @pauline.sarana

Welcome to the community!

Could you let us know which sites are having the issue?

Hi @elden ,

Thank you for your response. Already understood though from @hrishikesh response.
The other sites are hosted on groovepages, thus them not provisioned even we provided a custom SSL for them. We’ll have to provide the certificate on the other server to make them HTTPS enabled.