SSL For Free

Free SSL Certificates in Minutes

Free Wildcard Certificates Now Supported

https://







How It Works

  1. Let's Encrypt is the first free and open CA

    We generate certificates using their ACME server by using domain validation.

  2. Private Keys are generated in your browser and never transmitted.

    For modern browsers we generate a private key in your browser using the Web Cryptography API and the private key is never transmitted. The private key also gets deleted off your browser after the certificate is generated. If your browser does not support the Web Cryptography API then the keys will be generated on the server using the latest version of OpenSSL and outputted over SSL and never stored. For the best security you are recommended to use a supported browser for client generation. You can also provide your own CSR when using manual verification in which case the private key is handled completely on your end.



Advanced Options

  1. Free Wildcard Certificates

    Wildcard certificates allow you to secure any subdomains under a domain. If you wanted to secure any subdomains of example.org that you have now or in the future you can make a wildcard certificate. To generate wildcard certificates add an asterisk to the beginning of the domain(s) followed by a period. Wildcard domains do not secure the root domain so you must re-enter the root domain if you want it also secured under one certificate. For example to create a wildcard domain for example.org enter *.example.org example.org. To create a wildcard certificate for multiple domains such as example.org and example.com enter *.example.org example.org *.example.com example.com. Manual DNS verification will be required.

  2. Multiple Domains or Subdomains or Wildcards

    Multiple domains or subdomains are allowed and should be separated by spaces (e.g. "subdomain.domain.com domain.com otherdomain.org *.wildcarddomain.com"). If the multiple domains or subdomains pertain to multiple directories then you must use manual HTTP verification and upload verification files to the correct directories or use DNS verification.

  3. Prevent WWW from being Added

    We automatically add the www version of the domain to the certificate (the www. domain may need separate certificate installation for it to work) if not already added as most users want that implicitly. To remove the www just submit the domains you want to verify then on the verification page near the top click on "Add / Edit Domains" and remove it and submit again.



Frequently Asked Questions

  1. Can I use my own CSR?

    Yes, just choose one of the manual verification methods and there will be an input at the bottom before the generate certificate button to provide your own CSR.

  2. Do these SSL certificates work for IP addresses?

    No, certificates can only be generated for registered domain names.

  3. Special Characters and Internationalized Domain Names

    For domain names with special characters or international characters we automatically convert it to the punycode representation.

  4. Can Verification Files or TXT records be deleted after verification?

    Yes, all verification files or records can be deleted after verification. It is used only once for each verification.

  5. Further questions or feedback?

    Click here to contact us



Credits

  1. Let's Encrypt - For their free ACME client and trusted root certificate cross signed by Iden Trust.
  2. PKIJS - For their amazing Web Crypto wrapper and CSR generation library.
  3. JSZIP - For client zipping and downloading of certificate files.