SSL For Free

Free SSL Certificates in Minutes

Advanced Options

Multiple Domains or Subdomains

Multiple domains or subdomains are allowed and should be separated by spaces (e.g. ""). If the multiple domains or subdomains pertain to multiple directories then you must use manual verification and upload verification files to the correct directories.

Prevent WWW from being Added

We automatically add the www version of the domain if not already added as most users want that implicitly. To remove the www just submit the domains you want to verify then on the verification page near the top click on "Add / Edit Domains" and remove it and submit again.

How It Works

  1. Let's Encrypt is the first free and open CA

    We generate certificates using their ACME server by using domain validation.

  2. Private Keys are generated in your browser and never transmitted.

    For modern browsers we generate a private key in your browser using the Web Cryptography API and the private key is never transmitted. The private key also gets deleted off your browser after the certificate is generated. If your browser does not support the Web Cryptography API then the keys will be generated on the server using the latest version of OpenSSL and outputted over SSL and never stored. For the best security you are recommended to use a supported browser for client generation. You can also provide your own CSR when using manual verification in which case the private key is handled completely on your end.

Frequently Asked Questions

  1. Are Wildcard Certificates Supported?

    They are not supported but you can add up to 100 domains and or subdomains per certificate. Just enter all the domains and subdomains you will use separated by a space (e.g. "").

  2. Can I use my own CSR?

    Yes, just choose one of the manual verification methods and there will be an input at the bottom before the generate certificate button to provide your own CSR.


  1. Let's Encrypt - For their free ACME client and trusted root certificate cross signed by Iden Trust.
  2. PKIJS - For their amazing Web Crypto wrapper and CSR generation library.
  3. JSZIP - For client zipping and downloading of certificate files.