How It Works

  1. Let's Encrypt is the first free and open CA

    We generate certificates using their ACME server by using domain validation.

  2. Private Keys are generated in your browser and never transmitted.

    For modern browsers we generate a private key in your browser using the Web Cryptography API and the private key is never transmitted. The private key also gets deleted off your browser after the certificate is generated. If your browser does not support the Web Cryptography API then the keys will be generated on the server using the latest version of OpenSSL and outputted over SSL and never stored. For the best security you are recommended to use a supported browser for client generation. You can also provide your own CSR when using manual verification in which case the private key is handled completely on your end.

Advanced Options

  1. Free Wildcard Certificates

    Wildcard certificates allow you to secure a domain and any subdomains under that domain. If you wanted to secure any subdomains of that you have now or in the future you can make a wildcard certificate. To generate wildcard certificates add an asterisk to the beginning of the domain(s) followed by a period. Wildcard domains do not secure the root domain so you must re-enter the root domain if you want it also secured under one certificate. For example to create a wildcard domain for enter * To create a wildcard certificate for multiple domains such as and enter * * Manual DNS verification will be required.

  2. Multiple Domains or Subdomains or Wildcards

    Multiple domains or subdomains are allowed and should be separated by spaces (e.g. " *"). If the multiple domains or subdomains pertain to multiple directories then you must use manual HTTP verification and upload verification files to the correct directories or use DNS verification.

  3. Prevent WWW from being Added

    We automatically add the www version of the domain if not already added as most users want that implicitly. To remove the www just submit the domains you want to verify then on the verification page near the top click on "Add / Edit Domains" and remove it and submit again.

Frequently Asked Questions

  1. Can I use my own CSR?

    Yes, just choose one of the manual verification methods and there will be an input at the bottom before the generate certificate button to provide your own CSR.

  2. Do these SSL certificates work for IP addresses?

    No, certificates can only be generated for registered domain names.

  3. Special Characters and Internationalized Domain Names

    For domain names with special characters or international characters we automatically convert it to the punycode representation.

  4. Can Verification Files or TXT records be deleted after verification?

    Yes, all verification files or records can be deleted after verification. It is used only one time for verification purposes.

  5. Further questions or feedback?

    Click here to contact us


  1. Let's Encrypt - For their free ACME client and trusted root certificate cross signed by Iden Trust.
  2. PKIJS - For their amazing Web Crypto wrapper and CSR generation library.
  3. JSZIP - For client zipping and downloading of certificate files.

  • Enjoy SSL Benefits

    • Protect user data & gain trust
    • Improve Search Engine Ranking
    • Prevent forms of website hacking