We give people the digital certificates they need in order to enable HTTPS (SSL/TLS) for websites, for free, in the most user-friendly way we can. We do this because we want to create a more secure and privacy-respecting Web.
The key principles behind Let’s Encrypt are:
Free: Anyone who owns a domain name can use Let’s Encrypt to obtain a trusted certificate at zero cost.
Automatic: Software running on a web server can interact with Let’s Encrypt to painlessly obtain a certificate, securely configure it for use, and automatically take care of renewal.
Secure: Let’s Encrypt will serve as a platform for advancing TLS security best practices, both on the CA side and by helping site operators properly secure their servers.
Transparent: All certificates issued or revoked will be publicly recorded and available for anyone to inspect.
Open: The automatic issuance and renewal protocol will be published as an open standard that others can adopt.
Cooperative: Much like the underlying Internet protocols themselves, Let’s Encrypt is a joint effort to benefit the community, beyond the control of any one organization.
Advanced Options
Free Wildcard SSL CertificatesWildcard certificates allow you to secure any subdomains under a domain. If you wanted to secure any subdomains of example.org that you have now or in the future you can make a wildcard certificate. To generate wildcard certificates add an asterisk to the beginning of the domain(s) followed by a period. Wildcard domains do not secure the root domain so you must re-enter the root domain if you want it also secured under one certificate. For example to create a wildcard domain for example.org enter *.example.org example.org. To create a wildcard certificate for multiple domains such as example.org and example.com enter *.example.org example.org *.example.com example.com. Manual DNS verification will be required.
Multiple Domains or Subdomains or Wildcards
Multiple domains or subdomains are allowed and should be separated by spaces (e.g. "subdomain.domain.com domain.com otherdomain.org *.wildcarddomain.com"). If the multiple domains or subdomains pertain to multiple directories then you must use manual HTTP verification and upload verification files to the correct directories or use DNS verification.
Prevent WWW from being Added
We automatically add the www version of the domain to the certificate (the www. domain may need separate certificate installation for it to work) if not already added as most users want that implicitly. To remove the www just submit the domains you want to verify then on the verification page near the top click on "Add / Edit Domains" and remove it and submit again.
Frequently Asked Questions
Is this free for commercial use?
Yes, it is free for all usages including commercial usage.
Can I use my own CSR?
Yes, just choose one of the manual verification methods and there will be an input at the bottom before the generate certificate button to provide your own CSR.
Do these SSL certificates work for IP addresses?
No, certificates can only be generated for registered domain names.
Special Characters and Internationalized Domain Names
For domain names with special characters or international characters we automatically convert it to the punycode representation.
Can Verification Files or TXT records be deleted after verification?
Yes, all verification files or records can be deleted after verification. It is used only once for each verification.
My website gives a security error after installation
If your website shows a security error then installation was not done correctly. You can try going to https://www.ssllabs.com/ to check SSL certificate installation issues and fix. If you need help with this your best bet would be to contact your host, professional developer or admin for help.
My website works but shows a red "Not Secure" or "Insecure" in the address bar after installation
Your website most likely has insecure content which needs to be remedied. You can try going to https://whynopadlock.com to see issues and fix. If you need help with this your best bet would be to contact your host, professional developer or admin for help.
My website is still not going to HTTPS or Secure after a successful installation
Web servers do not redirect to HTTPS by default. If you want to force it you will have to configure it to force a redirect. This configuration will depend on your server setup. If you need help with this your best bet would be to contact your host, professional developer or admin for help.
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.