As a result of the declaration of the COVID-19 pandemic, several proposals of blockchain-based solutions for digital COVID-19 certificates have been presented. Considering that health data have high privacy requirements, a health data management system must fulfil several strict privacy and security requirements. On the one hand, confidentiality of the medical data must be assured, being the data owner (the patient) the actor that maintain control over the privacy of their certificates. On the other hand, the entities involved in the generation and validation of certificates must be supervised by a regulatory authority. This set of requirements are generally not achieved together in previous proposals. Moreover, it is required that a digital COVID-19 certificate management protocol provides an easy verification process and also strongly avoid the risk of forgery. In this paper we present the design and implementation of a protocol to manage digital COVID-19 certificates where individual users decide how to share their private data in a hierarchical system. In order to achieve this, we put together two different technologies: the use of a proxy re-encryption (PRE) service in conjunction with a blockchain-based protocol. Additionally, our protocol introduces an authority to control and regulate the centers that can generate digital COVID-19 certificates and offers two kinds of validation of certificates for registered and non-registered verification entities. Therefore, the paper achieves all the requirements, that is, data sovereignty, high privacy, forgery avoidance, regulation of entities, security and easy verification.