--> -->

Platform.sh automatically provides standard TLS certificates issued by Let’s Encrypt to all production instances. No further action is required to use TLS-encrypted connections beyond specifying HTTPS routes in your routes.yaml file.

Alternatively, you may provide your own third party TLS certificate from the TLS issuer of your choice at no charge from us. Please consult your TLS issuer for instructions on how to generate an TLS certificate.

A custom certificate is not necessary for development environments. Platform.sh automatically provides wildcard certificates that cover all *.platform.sh domains, including development environments.

Adding a custom certificate through the management console 

You can add a custom certificate via the Platform.sh management console . In the management console for the project go to Settings and click Certificates on the left hand side. You can add a certificate with the Add button at the top of the page. You can then add your private key, public key certificate and optional certificate chain.

Management console configuration for TLS

Adding a custom certificate through the CLI 

Example:

platform domain:add secure.example.com --cert=/etc/TLS/private/secure-example-com.crt --key=/etc/TLS/private/secure-example-com.key

See platform help domain:add for more information.

If something is not working see the troubleshooting guide for common issues. If that doesn’t help, feel free to contact support.