Custom Certificate
Upload your own PEM-encoded TLS certificate and private key to replace the default self-signed certificate. The certificate file should contain the full chain (server certificate plus intermediates). After uploading, a stack restart is required for the new certificate to take effect.
Inputs
| Name | Description | Allowed Values | Default |
|---|---|---|---|
| Certificate (.crt / .pem) | PEM-encoded certificate file including the full chain | .crt, .pem, or .cer file | — |
| Private Key (.key / .pem) | PEM-encoded private key matching the certificate | .key or .pem file | — |
How To
Upload a custom TLS certificate
- Obtain a TLS certificate and private key from your CA or internal PKI.
- Ensure the certificate file includes the full chain (server cert + intermediates) in PEM format.
- Click the Certificate file input and select your .crt or .pem file.
- Click the Private Key file input and select your .key or .pem file.
- Click "Upload Certificate" and verify the success message.
- Restart the mipo stack for the new certificate to take effect.
Gotchas
- Both files must be PEM-encoded — DER or PKCS#12 formats are not supported.
- The certificate file must include the full chain (server + intermediates) or browsers will report an incomplete chain.
- A stack restart is required after uploading — the new certificate is not applied until Traefik reloads.
- Uploading a new certificate overwrites the previous one. There is no rollback; keep a backup of your old certificate files.
API Calls (1)
| Method | Path | Description |
|---|---|---|
| POST | /api/admin/ssl/upload | Upload base64-encoded certificate and private key |
Related Pages
- TLS Status — Verify the uploaded certificate is active after restart
- Let's Encrypt — Alternative to custom certificates with automatic renewal