> For the complete documentation index, see [llms.txt](https://docs.glesys.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.glesys.com/products/managed-services/managed-linux-hosting/how-tos/install-an-ssl-certificate-on-a-managed-hosting-server.md).
# Install an SSL certificate on a managed hosting server
***
In this guide, we show you how to install an SSL certificate on a server with managed hosting. The guide covers both installing a traditional certificate from a commercial Certificate Authority and installing a certificate issued by Let’s Encrypt.
## Installing a traditional certificate
To purchase a certificate, you first need to generate a CSR (Certificate Signing Request) file. You use the CSR when buying a certificate from a Certificate Authority (CA), so you must have created one in step 1. The CSR contains information about the organization to which the certificate will be issued. It also includes the public key, which, together with a private key, forms a key pair. The private key is generated at the same time as the CSR, and SSL/TLS security relies on keeping the private key secret. Therefore, the recommendation is that the private key never leaves the server on which it was generated. Moreover, the private key is paired with the public key in the certificate, so if you lose the file, the certificate becomes unusable, and you’ll need to purchase a new one.
### Generate a CSR on a managed hosting server
glesys_csrgen
### IMPORTANT ###
if you request a certificate for both top domain and
the subdomain www use "www.domain.tld" as your common name
#################
Country Name (2 letter code): SE
State or Province Name (full name): Halland
Locality Name (eg, city): Falkenberg
Organization Name (eg, company): GleSYS Internet Services AB
Organizational Unit Name (eg, section): IT
Common Name (e.g. server FQDN or YOUR name): www.glesys.se
Email Address: support@glesys.se
#################
CSR is located in ~/.sslcerts/www.glesys.se
Use The Certificate below if these settings are correct
Country Name (2 letter code): SE
State or Province Name (full name): Halland
Locality Name (eg, city): Falkenberg
Organization Name (eg, company): GleSYS Internet Services AB
Organizational Unit Name (eg, section): IT
Common Name (e.g. server FQDN or YOUR name): www.glesys.se
Email Address: support@glesys.se
#################
-----BEGIN CERTIFICATE REQUEST-----
MIIE5zCCAs8CAQAwgaExCzAJBgNVBAYTAlNFMRAwDgYDVQQIDAdIYWxsYW5kMRMw
EQYDVQQHDApGYWxrZW5iZXJnMSQwIgYDVQQKDBtHbGVTWVMgSW50ZXJuZXQgU2Vy
..
..
dmljZXMgQUIxCzAJBgNVBAsMAklUMRYwFAYDVQQDDA13d3cuZ2xlc3lzLnNlMSAw
5u9pumVY+TsOKps=
-----END CERTIFICATE REQUEST-----
### Purchase a certificate
Once you’ve generated the CSR and private key, it’s time to purchase a certificate.
**Some providers you can choose from:**
*
*
*
*
With your certificate provider, you upload the contents—including the *BEGIN CERTIFICATE REQUEST / END CERTIFICATE REQUEST* block—following the provider’s instructions. A common question you’ll need to answer is which service you’ll use the certificate with; select *apache2+modssl*. If anything is unclear, contact the provider’s support. Once the purchase is complete, you’ll receive information and a ZIP file containing the certificate in PEM format together with any intermediate certificates.
An intermediate certificate (sometimes called a chain certificate) is required to complete the trust chain when your CA does not sign your certificate directly with its root certificate.
After you receive your certificate, upload it to an appropriate location in your home directory on the server. Then notify us, and we will install the certificate for you.
## Install a Let's Encrypt certificate
Let’s Encrypt is a service that automates the steps described above and provides the certificate for free. These certificates merely validate that your domain actually points to the correct server and must be renewed every three months. From a cryptographic standpoint, however, they are just as secure as a certificate issued by a commercial Certificate Authority and are more than sufficient for most use cases.
### Implementation of Let's Encrypt
The only requirement for us to install Let’s Encrypt for you is that the domain points to the server that will issue the certificate. If it does, contact us at and we’ll take care of the installation.
---
# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.
## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:
```
GET https://docs.glesys.com/products/managed-services/managed-linux-hosting/how-tos/install-an-ssl-certificate-on-a-managed-hosting-server.md?ask=&goal=
```
`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.