User

Custom SSL Certificates

How to upload and install a custom SSL certificate in Opterius Panel.

Last updated 1775606400

If you have a certificate from a commercial CA (DigiCert, Sectigo, GlobalSign, etc.) or a wildcard certificate, you can upload it to Opterius instead of using Let's Encrypt.

When to Use a Custom Certificate

  • Wildcard certificates — covers *.example.com and all subdomains with a single cert
  • EV certificates — Extended Validation certs from commercial CAs
  • Certificates for domains behind Cloudflare proxy — where Let's Encrypt HTTP-01 challenge fails
  • Internal/intranet domains — where Let's Encrypt can't reach the domain
  • Compliance requirements — some organizations require certificates from specific CAs

Preparing Your Certificate

You need three things from your CA:

  1. Certificate (.crt or .pem) — your domain's certificate
  2. Private key (.key) — the private key you generated when creating the CSR. This never leaves your server — don't send it to the CA, don't lose it.
  3. CA bundle / intermediates (.ca-bundle or .pem) — the intermediate certificates from your CA. Most browsers require these.

Uploading the Certificate

  1. In Hosting Mode, go to SSL
  2. Find the domain
  3. Click Upload Certificate
  4. Paste the certificate, private key, and CA bundle into the respective fields
  5. Click Install

The Agent writes the files to /etc/ssl/opterius/{domain}/ and updates the Nginx vhost to use them. Nginx is reloaded.

Certificate + CA Bundle Format

Paste the certificate first, then the CA bundle (intermediates), in one combined PEM:

-----BEGIN CERTIFICATE-----
(your domain certificate)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(intermediate CA certificate)
-----END CERTIFICATE-----

Nginx uses this as ssl_certificate. If you're unsure about the order, most CAs provide a "fullchain" file that has them in the correct order.

Checking a Wildcard Certificate

If you're uploading a wildcard cert (*.example.com), you can use it for any subdomain. Upload it once for the main domain, then apply it to subdomains from the SSL overview.

Replacing an Existing Certificate

Uploading a new certificate for a domain that already has one replaces it. The old files are overwritten.

Next Steps

Previous
← Renewing Certificates
Next
SSL Overview (Bulk Re-check) →