Self-signed certs

I’m making my first self-signed certificate for https and have a question. Because I have a shared hosting plan (L3), do I have to store a root-only access decrypted copy of my private key for the server? Because I’m not so fond of that idea.

Am I reading the openssl documentation right? If the PK is encrypted, every time the web server is rebooted, the pass phrase embedded in the cert has to be manually entered, i.e. someone at DH would have to know it and type it in. And the only way around this is to place an unencrypted copy of my PK on a machine I don’t have physical access to…? :-/

If I’m missing something here, please straighten me out. :)
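
The trade-off raised in the question, as an added example that is not part of the original post: it creates a passphrase-protected key with a self-signed certificate, shows that the encrypted key cannot be loaded without the passphrase, and writes a decrypted copy that only its owner can read. The file names, the CN `example.test` and the passphrase are constructed for illustration.

```shell
#!/bin/sh
# Added example. File names, the CN and the passphrase are constructed.
# pass:... on the command line is for the demo only (visible in the process
# list); openssl also accepts file:PATH and env:VAR for -passin/-passout.

# Succeeds if the PEM private key in $1 is passphrase-protected.
key_is_encrypted() {
    # PKCS#8 header, or the Proc-Type line of legacy "traditional" PEM keys.
    grep -Eq 'BEGIN ENCRYPTED PRIVATE KEY|Proc-Type: 4,ENCRYPTED' "$1"
}

# Succeeds if key $1 can be loaded with passphrase $2 (ignored if unencrypted).
key_loads() {
    openssl pkey -in "$1" -passin pass:"$2" -noout 2>/dev/null
}

# Create an encrypted key and a self-signed certificate in directory $1.
make_selfsigned() {
    openssl req -x509 -newkey rsa:2048 -days 365 -subj "/CN=example.test" \
        -passout pass:"$2" -keyout "$1/server.key.enc" \
        -out "$1/server.crt" 2>/dev/null
}

# Write a decrypted copy of key $1 to $2, readable only by its owner.
decrypt_key() {
    ( umask 077 && openssl pkey -in "$1" -passin pass:"$3" -out "$2" ) 2>/dev/null
}

demo() {
    dir=$(mktemp -d) || return 1
    make_selfsigned "$dir" 'constructed-passphrase' || return 1
    decrypt_key "$dir/server.key.enc" "$dir/server.key" 'constructed-passphrase'
    for f in "$dir/server.key.enc" "$dir/server.key"; do
        if key_is_encrypted "$f"; then state=encrypted; else state=PLAINTEXT; fi
        if key_loads "$f" ''; then load=yes; else load=no; fi
        echo "${f##*/}: $state, loads without passphrase: $load"
    done
    ls -l "$dir"
    rm -rf "$dir"
}
demo
```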