How It Works
- ZeroSSL and Let’s Encrypt both offer free 90-day SSL certificates.Starting the SSL certificate creation process above will allow you to create one or multiple free SSL certificates, issued by ZeroSSL. Like Let’s Encrypt, they also offer their own ACME server, compatible with most ACME plug-ins.
- Private Keys are generated in your browser and never transmitted.For browsers which support Web Cryptography (all modern browsers) we generate a private key in your browser using the Web Cryptography API and the private key is never transmitted. The private key also gets deleted off your browser after the certificate is generated. If your browser does not support the Web Cryptography API then the keys will be generated on the server using the latest version of OpenSSL and outputted over SSL and never stored. For the best security you are recommended to use a supported browser for client generation. You can also provide your own CSR when using manual verification in which case the private key is handled completely on your end.
Tutorials
These tutorials have been graciously created by others to help with your SSL certificate verification and installation process depending on your server setup.
- CPanel Shared Server Hosting – SSL Certificate – HTTP Verification, Installation, and Force HTTPS Redirect
- Alternative Hindi Language Version
- Alternative Portuguese Language Version
- Alternative Russian Language Version
- Alternative Spanish Language Version
- Alternative Arabic Language Version
- Alternative Turkish Language Version
- Alternative Persian (Farsi) Language Version
- Microsoft IIS 8.5 Web Server – SSL Certificate – Cloudflare DNS Verification, SSL Certificate PFX Conversion, & Installation
- Microsoft Azure Server Hosting – Wildcard SSL Certificate – DNS Verification, SSL Certificate PFX Conversion, & Installation
- NGINX Server – SSL Certificate – HTTP Verification & Installation
- GoDaddy Shared Server Hosting – SSL Certificate – DNS Verification & Installation
- Hostinger Shared Server Hosting – SSL Certificate – HTTP Verification & Installation
- Plesk (on Media Temple) Server Hosting – SSL Certificate – HTTP / DNS Verification Installation, & Force HTTPS Redirect
- Apache 2.4 Web Server on Linux (such as LAMP) – SSL Certificate – FileZilla HTTP Verification & Installation
- Apache 2.4 Web Server on Windows (such as XAMPP or WAMP) – SSL Certificate – DNS Verification & Installation
- Docker (on DigitalOcean) NGINX Reverse Proxy – SSL Certificate – HTTP Verification & Installation
- SurveyGizmo – SSL Certificate – Cloudflare DNS Verification & Installation
- Convert SSL Certificate Files to PFX File for Microsoft IIS Web Server or Microsoft Azure Web Server
- Install SSL Certificates on other web servers such as cPanel, WHM, Plesk, Plesk Onyx, Apache OpenSSL/ModSSL, IIS 7, IIS 8, IIS 10, Nginx, Tomcat (using keytool), Exchange2007 (PowerShell), DirectAdmin, AWS ELB, Synology NAS, Vesta CP, Mac OS X/Yosemite/El Capitan, Sun Java System Web Server 7.x, Webmin, Node.js, EasyWP, Exchange 2013 (EAC), Exchange 2013 (Shell), Exchange 2010, Heroku, Heroku SSL, Azure Web App, Glassfish, Zimbra, Google Cloud Service, SonicWall, Citrix NetScaler VPX, XAMPP, CWP
- Have a tutorial you’d like to add here? Click here to contact us and we’ll add a link to it here and you’ll get full credit for it
Advanced Options
- Wildcard SSL CertificatesWildcard certificates allow you to secure any sub-domains under a domain. If you want to secure any sub-domains of example.org that you have now or in the future you can make a wildcard certificate. To generate wildcard certificates, add an asterisk to the beginning of the domain(s) followed by a period. Wildcard certificates will also secure the root domain, so there is no need to re-enter the root domain in the process. For example, to create a wildcard domain for example.org, enter *.example.org. If you need certificates for multiple domains, such as example.org and example.com, you will need to create a separate wildcard certificate for each domain. Domain verification will be required for each domain.
- Multiple Domains or Sub-Domains or WildcardsMultiple domains or sub-domains are allowed and can be added to your certificate in the second step. Before entering multiple domains, please aleays first enter your primary domain (common name) above and click “Create Free SSL Certificate”. If the multiple domains or sub-domains pertain to multiple directories then you must use email verification or manual HTTP verification and upload verification files to the correct directories or use DNS verification.
- Prevent WWW from being AddedWe automatically add the www version of the domain to the certificate (the www. domain may need separate certificate installation for it to work) if not already added as most users want that implicitly. To remove the www just submit the domains you want to verify then on the verification page near the top click on “Add / Edit Domains” and remove it and submit again.
Frequently Asked Questions
- Is this free for commercial use?Yes, it is free for all usages including commercial usage.
- Can I use my own CSR?Yes, just choose one of the manual verification methods and there will be an input at the bottom before the generate certificate button to provide your own CSR.
- Do these SSL certificates work for IP addresses?No, certificates can only be generated for registered domain names.
- Special Characters and Internationalized Domain NamesFor domain names with special characters or international characters we automatically convert it to the punycode representation.
- Can Verification Files or TXT records be deleted after verification?Yes, all verification files or records can be deleted after verification. It is used only once for each verification.
- My website gives a security error after installationIf your website shows a security error then installation was not done correctly. You can try going to https://www.ssllabs.com/ to check SSL certificate installation issues and fix. If you need help with this your best bet would be to contact your host, professional developer or admin for help.
- My website works but shows a red “Not Secure” or “Insecure” in the address bar after installationYour website most likely has insecure content which needs to be remedied. You can try going to https://whynopadlock.com to see issues and fix. If you need help with this your best bet would be to contact your host, professional developer or admin for help.
- My website is still not going to HTTPS or Secure after a successful installationWeb servers do not redirect to HTTPS by default. If you want to force it you will have to configure it to force a redirect. This configuration will depend on your server setup. If you need help with this your best bet would be to contact your host, professional developer or admin for help.
- Further questions or feedback?If you want to contact us, please click here.
Other Free SSL Tools
These tools can help with your SSL process. The tools are graciously provided by their respective authors, we are not responsible for any third party SSL tools.
- SSL Certificate Converter – Converting between PEM & PFX Format (PKCS#12 / PKCS#7) for Microsoft IIS, Azure, & other servers
- SSL CSR Generator – Generate your own CSR’s
- SSL Website Certificate Checker – For checking your SSL certificate installation. If you want to check if installation is correct.
- SSL Website Content Checker – For when you have insecure content errors. Insecure images or iframes can cause these errors.
- OpenSSL Toolkit
- FTP Client for help with manual HTTP verification
- Self-Signed SSL Certificate Generator – For when you don’t need a trusted certificate for internal use
Credits
- Let’s Encrypt – For their free ACME client and trusted root certificate cross signed by Iden Trust.
- PKIJS – For their amazing Web Crypto wrapper and CSR generation library.
- JSZIP – For client zipping and downloading of certificate files.