Get HTTPS for free!
Update: Added wildcard certificate support!
ERROR: Your browser is not compatible with this website (this website
needs WebCryptoAPI's crypto.subtle.digest()). Please upgrade to a modern
browser (Firefox, Chrome, Safari, Edge, IE 11+).
You can now get free https certificates (incuding wildcard certificates)
from the non-profit certificate authority
This is a website that will take you through the manual steps to get your free
https certificate so you can make your own website use https! This website is
asks for your private keys. Never trust a website
that asks for your private keys!
NOTE: This website is for people who know how to generate certificate signing
If you're not familiar with how to do this, please use the
official Let's Encrypt official client
that can automatically issue and install https certificates for you. This
website is designed for people who know what they are doing and just want to get
their free https certificate.
If you need to renew a certificate, simply complete these steps below again.
Step 1: Account Info
Let's Encrypt requires that you register an account email and public key before
issuing a certificate. The email is so that they can contact you if needed, and
the public key is so you can securely sign your requests to issue/revoke/renew
your certificates. Keep your account private key secret! Anyone who has it
can impersonate you when making requests to Let's Encrypt!
Step 2: Certificate Signing Request
This is the certificate signing request (CSR) that you send to Let's Encrypt
in order to issue you a signed certificate. It contains the website domains you
want to issue certs for and the public key of your TLS private key. Keep your
TLS private key secret! Anyone who has it can man-in-the-middle your website!
Step 3: Sign API Requests (waiting...)
Let's Encrypt requires that you sign all of your requests to them with your
account private key. Below are the requests that you will need to sign. The
commands to do this are generated below so you can copy-and-paste them into your
terminal. Be sure to change the account private key location so it points to
your real private key.
Step 4: Verify Ownership (waiting...)
Let's Encrypt requires you prove you own the domains you have in your CSR. You
can do this by serving a specific file at a specific url under your domains.
Below are the files you need to serve along with some copy-and-paste commands
you can run on your website to start serving the file. Once you are serving
the file on your website, click "I'm now running this on...". After that, you
need to tell Let's Encrypt to check the above files to verify ownership of your
domains. This request needs to be signed with your account private key. Below
are the verification requests that you will need to sign. The commands to do
this are generated below so you can copy-and-paste them into your terminal.
Be sure to change the account private key location so it points to your real
Challenges: not loaded yet
Step 5: Install Certificate (waiting...)
Congratulations! Let's Encrypt has issued you a certificate for your domains!
Below is the signed certificate you can use for your website.