For browsers which support Web Cryptography (all modern browsers) we generate a private key in your browser using the Web Cryptography API and the private key is never transmitted . The private key also gets deleted off your browser after the certificate is generated. If your browser does not support the Web Cryptography API then the keys will be generated on the server using the latest version of OpenSSL and outputted over SSL and never stored . For the best security you are recommended to use a supported browser for client generation. You can also provide your own CSR when using manual verification in which case the private key is handled completely on your end.

Starting the SSL certificate creation process above will allow you to create one or multiple free SSL certificates, issued by ZeroSSL. Like Let's Encrypt, they also offer their own ACME server, compatible with most ACME plug-ins.

These tutorials have been graciously created by others to help with your SSL certificate verification and installation process depending on your server setup.

We automatically add the www version of the domain to the certificate (the www. domain may need separate certificate installation for it to work) if not already added as most users want that implicitly. To remove the www just submit the domains you want to verify then on the verification page near the top click on "Add / Edit Domains" and remove it and submit again.

Multiple domains or sub-domains are allowed and can be added to your certificate in the second step. Before entering multiple domains, please aleays first enter your primary domain (common name) above and click "Create Free SSL Certificate". If the multiple domains or sub-domains pertain to multiple directories then you must use email verification or manual HTTP verification and upload verification files to the correct directories or use DNS verification.

Wildcard certificates allow you to secure any sub-domains under a domain. If you want to secure any sub-domains of example.org that you have now or in the future you can make a wildcard certificate. To generate wildcard certificates, add an asterisk to the beginning of the domain(s) followed by a period. Wildcard certificates will also secure the root domain, so there is no need to re-enter the root domain in the process. For example, to create a wildcard domain for example.org , enter *.example.org . If you need certificates for multiple domains, such as example.org and example.com , you will need to create a separate wildcard certificate for each domain. Domain verification will be required for each domain.

Is this free for commercial use? Yes, it is free for all usages including commercial usage.

Can I use my own CSR? Yes, just choose one of the manual verification methods and there will be an input at the bottom before the generate certificate button to provide your own CSR.

Do these SSL certificates work for IP addresses? No, certificates can only be generated for registered domain names.

Special Characters and Internationalized Domain Names For domain names with special characters or international characters we automatically convert it to the punycode representation.

Can Verification Files or TXT records be deleted after verification? Yes, all verification files or records can be deleted after verification. It is used only once for each verification.

My website gives a security error after installation If your website shows a security error then installation was not done correctly. You can try going to https://www.ssllabs.com/ to check SSL certificate installation issues and fix. If you need help with this your best bet would be to contact your host, professional developer or admin for help.

My website works but shows a red "Not Secure" or "Insecure" in the address bar after installation Your website most likely has insecure content which needs to be remedied. You can try going to https://whynopadlock.com to see issues and fix. If you need help with this your best bet would be to contact your host, professional developer or admin for help.

My website is still not going to HTTPS or Secure after a successful installation Web servers do not redirect to HTTPS by default. If you want to force it you will have to configure it to force a redirect. This configuration will depend on your server setup. If you need help with this your best bet would be to contact your host, professional developer or admin for help.