This tool helps you to obtain SSL certificates for your website. They are issued by Let's Encrypt Certificate Authority and they are absolutely free. The renewals are also free and unlimited. Issued certificates are supported by all major browsers and operating systems.
The certificates are of Domain Validated (DV) type. That means you will only need to confirm your ownership of the domain name. The confirmation process is very simple and there are two options to choose from: DNS verficiation and HTTP verification. The former requires creating a specific DNS record of TXT type for the domain. The latter requires creating a plain text file with a specific content on your web server. Choose the option you are most comfortable with - normally all registrars provide a way to edit DNS records, but you might like creating a text file better. DNS verification also might take a bit longer depending on how quickly your registrar's servers publish the changes (usually within 15-20 minutes), while HTTP verification can be instant.
The certificates are initially valid for 90 days and then can be renewed again and again (also at no cost). Please consider entering your email when using our FREE SSL Certificate Wizard for the first time and registering a new key - that will give you a way to restore your key if you lose access and will provide notifications from Let's Encrypt about certificate expirations. Please note that we do NOT collect or store your email - it gets directly submitted by your browser to Let's Encrypt via HTTPS-secured link shall you decide to enter it. If you don't want expiration reminders to be sent, you can leave it blank.
Our service is fully automated. All the keys, regardless of whether entered or generated on site, are only used by your browser to sign appropriate messages while directly communicating with Let's Encrypt API servers over an encrypted connection. The CSR (Certificate Signing Request) is also sent directly by your browser to Let's Encrypt Certificate Authority. Finally, the certificate is also downloaded by your browser directly from Let's Encrypt via an encrypted connection. None of this information is ever seen by our servers.
The FREE SSL Ceritificate Wizard is making the whole process of getting SSL certificate quick, straightforward and easy to understand. It has minimum fields to fill and just 3 steps - "Details", "Verification" and "Certificate", which should be easy to go through even if you do not have any technical knowledge about SSL and how keys and CSRs are created.
Please note that if a key or a CSR has been generated, then clicking "Next" will not let you move to the next screen until you either download or copy newly created key/CSR (you can use appropriate buttons in the top right corner of each text area).
Also note that if CSR is generated for you, it will be based on a new automatically generated 4096 bits key. If you prefer CSR to be based on your existing key (for example generated with openssl command line), then you should use the "CSR Generator" first and then paste created CSR into the appropeirate field of SSL Ceritificate Wizard.
Important: If you don't have a CSR and you need your certificate for some AWS service (such as API Gateway or CloudFront), then use our "CSR Generator" first and choose 2048 bits - after that use created CSR with SSL Certificate Wizard. This is due to the limitations regarding the maximum key size for AWS services.
This screen does not require you to enter anything. It shows what needs to be done to prove your domain ownership. If you are using HTTP verification, then for each domain on your certificate you will be given a name and the content of the file to be created. Each name is also a link, so after you have created a file, you can click that link to make sure that the file is actually accessible and the content of it is what it should be. If you are using DNS verification, then you will be given a name for the DNS TXT record and its value. It will also show you how to check that your DNS changes became "visible".
After creating a file or making DNS changes (and making sure those are visible) you can click "Next". If everything is done right, you will be moved to the final screen ("Certificate"). If any error happens, then you will see verification results for those domains which have failed verification. After reading the results, click "Next" for the "Verification" screen to be displayed again with the new values for the domains which have failed. There will be no need to re-do those domains on your list which have succeeded verification.
This is the final screen of the wizard. You will have your certificate on it, which you should either download or copy. The certificate contains both your domain certificate and the issuer's certificate. If for some reason issuer's certificate could not be retrieved, you will see a proper warning. If you had your CSR generated, then you will also see your domain key here. It is important to download or copy it too - your certificate will not work without it. If you used an existing CSR on the "Details" screen, then there will be no domain key shown, since you should already have it. Please note that the domain key is not (and should not be) the same as your "Let's Encrypt key".
Once you have received your certificate, then as long as you are using the same "Let's Encrypt key", you will not need to verify the ownership of the same domains during renewals for at least 10 months. So on renewal you will only need to paste your Let's Encrypt key and existing CSR on the "Details" screen and on clicking "Next" you will be moved straight to the "Certificate" screen with your renewed certificate waiting for you!
This tool allows you to generate a self-signed SSL certificate with a 2048 bits key in one click. Those certificates are not trusted by browsers (unless you add them as such), but they are useful for testing and internal use.
You can enter the domain names, IP addresses (both v4 and v6 can be used), URIs or emails into appropriate field. Use whitespaces or commas as separators for multiple entries. Then just click "Generate" button and your key and certificate will be created for you. The validity of the certificate is set to 1 year.
Please note that those are NOT trusted certificates and they should not be used for public web sites. If you are looking for actual trusted certificates - use our FREE SSL Certificate Wizard instead.
This tool allows you to generate Certificate Signing Requests. It can also produce an appropriate RSA Key of 4096 or 2048 bits or you may use your existing key, for example created with "openssl" command.
You will need to enter the domain names you want on your Certificate Signing Request. You can separate them with either whitespaces or commas. The CSR Generator respects the order in which the domains are listed, so the first domain will go to the Subject field. If there's more than one domain name, then they go into SubjectAltNames field in the listed order. Wildcards are allowed in "CSR Generator", but they are not supported by Let's Encrypt (so don't use wildcards if you are going to use the generated CSR with "SSL Certificate Wizard").
You can also choose to edit pre-filled "Organization", "Organizational Unit", "City/Locality", "State/Province" and "Country". Those fields are ignored by Let's Encrypt, but you may need them if you are creating your CSR to use it somewhere else.
You can generate your CSR either based on an existing key, in which case you need to paste it into the area on the left, or on a generated key (in which case you should just leave that area blank). If the key is not entered, then a new 4096 or 2048 bits key (depending on what you have selected) will be automatically generated with the CSR and you will be able to download or copy them to clipboard, using the appropriate buttons in the top right corner of each text area. Please note that all necessary calculations are done in your browser, so it might take a bit to create a long key - on a 5-years old PC it could take up to a minute to create a 4096 bits key.
Note: If you are creating a CSR to get certificates for some AWS service (such as API Gateway or CloudFront), then choose 2048 bits instead of the default 4096 bits. This is due to the limitations regarding the maximum key size for AWS services.
We did our best to make the site and the service compatible with all the most popular modern browsers. However, there are some interface features that might not be available in certain browsers. In particular:
If you are using a "Copy to clipboard" function, always make sure that you have copied the data by pasting it somewhere safe before leaving the page!
If you are annoyed by the MSIE clipboard prompt, you can always turn it off by disabling it in Internet Options> Security> Internet zone> Custom Level> Allow programmatic clipboard access.
We also have an offline ZeroSSL client (le.pl), which can be installed on your own server or other computer where Perl language interpreter is available. Perl is usually installed on most Linux systems and the package works well on many OS and Perl versions. Linux, FreeBSD, NetBSD, Mac OS X and Windows are supported. ZeroSSL client will allow you to get SSL certificates on your own server with a single command. The functionality of a client can be easily extended with external Perl modules. The package also includes a development library, which you can use to automate the process in any way you like or even create your own client application.
Unfortunately, your request could not be processed. This is an extremely rare case and it might be triggered by some extensions in your browser (for example those altering User-Agent) or some proxy servers. Please try disabling those and reload the page. If you keep seeing this error, then let us know and we'll try to find out what might be happening in your case.
Unfortunately, your request could not be processed. It appears that your browser might not be fully supporting the functionality of the site. This is an extremely rare case, sometimes caused by unusual extensions installed in the browser. Please try again and if you keep seeing this error, then let us know and we'll try to find out what might be happening in your case.