This documentation applies to the Basic SSLMate service. If you are using SSLMate for SaaS, please see the SSLMate Agent Help instead.

Import a Certificate

You can import a certificate you already own to your SSLMate account. An imported certificate works just like a certificate purchased from SSLMate, meaning SSLMate will monitor its expiration and you can set up automated renewals for it. Imported certificates are renewed by SSLMate at SSLMate's pricing.


sslmate import KEYFILE CERTFILE

  • KEYFILE is path to the certificate's private key file. Note: your private key is not uploaded to SSLMate; the SSLMate client only uses it to generate a certificate signing request.

  • CERTFILE is path to the certificate file.

  • The certificate's auto-renewal setting will be set to your account's default auto-renewal setting. To override, specify the --auto-renew or --no-auto-renew options.

  • For other options, run sslmate help import or consult the sslmate(1) man page.

After the sslmate command completes, four files will be placed in your key and cert directories:

  • - the private key
  • - the certificate
  • - the certificate chain (aka intermediate cert)
  • - a concatenation of the certificate and the chain, for convenience

To make automated renewals work seamlessly, you should re-configure your web server to refer to these files at their new locations instead of at their original locations.


  • You cannot reissue, rekey, or revoke imported certificates. Instead, you need to contact the vendor from which you obtained the certificate.
  • You cannot import a certificate with a non-DNS subject alternative name (e.g. an IP address).
  • Although you can import an OV or EV certificate, it will be renewed as a standard domain validated (DV) certificate.

Next step: Set up a cron job to run sslmate download for renewals.

Get Started with SSLMate Today

Buy a new certificate, or import your existing certs for free.

Click to sign up