Custom SSL certificates

This feature is part of VTEX Shield. If you are already a VTEX customer and want to adopt VTEX Shield for your business, please contact Commercial Support. Additional fees may apply. If you are not yet a customer but are interested in this solution, please complete our contact form.

By default, VTEX uses SSL certificates issued by Let's Encrypt, an open-source solution widely adopted in the market. This approach guarantees security, reliability, and compatibility with most browsers.

However, some stores require custom SSL certificates for specific compliance reasons, internal security requirements, or certification entities that offer additional warranties.

To meet this requirement, the SSL Certificates page allows you to install a new custom SSL certificate and manage existing certificates.

The page displays the following information in a table:

Column | Description
Domain | Host address, consisting of subdomain, domain and top-level domain. For example: www.mystore.com. Learn more about the structure of this address in Configuring the store domain.
CA | Certificate Authority.
Installed on | Date the certificate was installed.
Expires on | Date the certificate expires.
Status | Certificate status, which can be:
  • Active: Valid and active for the host.
  • Overwritten: The certificate for this host has been replaced by another through an external method, such as an API call on the CDN.
  • Installing: Certificate installation in progress.
  • Unknown: The certificate status couldn't be determined due to internal technical problems with communication, configuration, or monitoring.
  • Expires soon: The certificate is close to its expiration date (30 days or less remaining).
  • Installation failed: The installation failed after the Installing status, and the user will need to try again later.
  • Expired: The expiration date has passed.

Prerequisites

Before installing a custom certificate, the following requirements must be met:

  • Be a user associated with a role that includes the License Manager resources listed below, which are required to view and manage the information on the page:

    • Product: CDN API
    • Category: Certificate management
    • Resources: Update certificate and View certificate
  • Have a .KEY file with the certificate private key up to 1 MB saved on your device.

  • Have a .CRT file with the certificate up to 1 MB saved on your device.

Installing a new SSL certificate

Follow the instructions below to install a new custom certificate on VTEX:

  1. In the VTEX Admin, go to Store settings > Shield > SSL Certificates.
  2. Click Install new.
  3. In the Hosts field, select one or more hosts to apply the certificate. Only the hosts previously added to your account will be displayed.
  4. Under Private key, click Choose a file to select a .key file up to 1 MB saved on your device.
  5. In Certificate, click Choose a file to select a .crt file up to 1 MB saved on your device.
  6. Click Install.

If the configuration is successful, you will be redirected to the certificate list page, where you can view the selected hosts.

The installation may take 7 days to complete, and during this time, the status of the hosts will be Installing. After the installation is complete, the status of the hosts will change to Active.

To learn how to resolve installation errors, see the troubleshooting guide Error installing custom SSL certificate.
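
A local check to run on the two files before uploading them, as an added example that is not VTEX tooling. It assumes PEM-encoded files, a private key without a passphrase, and the openssl command line; `preflight` is a hypothetical helper name, and the 1 MB limit is read conservatively as 1,000,000 bytes.

```shell
#!/bin/sh
# Pre-upload checks for a custom certificate (added example, not VTEX tooling).
# Assumptions: PEM-encoded files, key without passphrase, openssl CLI available.

MAX_BYTES=1000000   # the page's 1 MB limit, read as 10^6 bytes (assumption)
SOON_SECS=2592000   # 30 days: the page's "Expires soon" threshold

# preflight KEY CRT HOST... ; prints one line per problem, returns 1 if any.
preflight() {
    key=$1 crt=$2; shift 2
    rc=0
    for f in "$key" "$crt"; do
        [ -r "$f" ] || { echo "FAIL $f: not readable"; return 1; }
        size=$(($(wc -c < "$f")))
        [ "$size" -le "$MAX_BYTES" ] || { echo "FAIL $f: $size bytes exceeds 1 MB"; rc=1; }
    done

    # The private key must belong to the certificate: compare their public keys.
    key_pub=$(openssl pkey -in "$key" -pubout -passin pass: 2>/dev/null) ||
        { echo "FAIL $key: not readable as a private key (or passphrase-protected)"; return 1; }
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) ||
        { echo "FAIL $crt: not a parsable certificate"; return 1; }
    [ "$key_pub" = "$crt_pub" ] || { echo "FAIL key does not match certificate"; rc=1; }

    # A certificate already inside the 30-day window would be listed as
    # "Expires soon" (or "Expired") right after installation.
    openssl x509 -in "$crt" -noout -checkend "$SOON_SECS" >/dev/null 2>&1 ||
        { echo "FAIL certificate expires within 30 days"; rc=1; }

    # Every host selected in the Hosts field must be covered by the certificate.
    for host in "$@"; do
        openssl x509 -in "$crt" -noout -checkhost "$host" 2>/dev/null |
            grep -q 'does match' || { echo "FAIL certificate does not cover $host"; rc=1; }
    done
    return $rc
}
```

Call it as `preflight store.key store.crt www.mystore.com`, listing every host you intend to select in the Hosts field; no output and exit status 0 mean all checks passed.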
