Install a custom TLS certificate
TLS certificates from Let’s Encrypt are available for domains on the VIP Platform by default, but customers can choose to provision custom TLS certificates from other certificate authorities instead.
All custom TLS certificates require a Certificate Signing Request (CSR). A CSR can be generated by VIP or by the certificate authority generating the custom TLS certificates.
-
Custom TLS certificates with a VIP CSR
A certificate signing request (CSR) from VIP can be generated in order to obtain a custom certificate from a Certificate Authority (CA).
-
Custom TLS certificates with a non-VIP CSR
To install a custom TLS certificate for a domain with a CSR that was not generated by VIP, customers must have in their possession a complete certificate chain generated by a Certificate Authority (CA).
-
Switch from a custom TLS certificate to a Let’s Encrypt certificate
After a custom TLS certificate has been provisioned, it is possible to switch to a Let’s Encrypt TLS certificate at any time.
-
Custom TLS certificate requirements
A custom TLS certificate that is generated by the customer must meet meet a specific set of requirements in order to be successfully installed.
-
Renew a custom TLS certificate
Custom TLS certificates that are installed for a domain should be renewed by the customer prior to their expiration date.
Last updated: June 11, 2025