Get Free Let's Encrypt SSL Certificates!


This website will take you through Manual Steps so that you can get your own https certificates for your website.
NOTE: This website is designed for people who know what they are doing and just want to get their free https certificate. If you're not familiar with how to do this, please use the official Let's Encrypt official client that can automatically issue and install https certificates for you.
If you need to renew a certificate, simply complete these steps below again.

Step 1: Account Info

Let's Encrypt requires that you register an account email and public key before issuing a certificate. The email is so that they can contact you if needed, and the public key is so you can securely sign your requests to issue/revoke/renew your certificates. Keep your account private key secret! Anyone who has it can impersonate you when making requests to Let's Encrypt!

Here's how to generate a new account keypair using openssl. Paste these commands in your Terminal.
  1. Generate an account private key if you don't have one:
    (KEEP ACCOUNT.KEY SECRET!)
    openssl genrsa 4096 > account.key
  2. Print your public key:
    openssl rsa -in account.key -pubout
  3. Copy and paste the public key into the box below.


Step 2: Certificate Signing Request

This is the certificate signing request (CSR) that you send to Let's Encrypt in order to issue you a signed certificate. It contains the website domains you want to issue certs for and the public key of your TLS private key. Keep your TLS private key secret! Anyone who has it can man-in-the-middle your website!
How to generate a new Certificate Signing Request (CSR):
  1. Generate a TLS private key if you don't have one:
    (KEEP DOMAIN.KEY SECRET!)
    openssl genrsa 4096 > domain.key

  2. Use your Hosting Control Panel to Generate CSR

    or

  3. Generate a CSR for your the domains you want certs for:
    (replace "foo.com" with your domain)
    Linux:
        #change "/etc/ssl/openssl.cnf" as needed:
        #  Debian: /etc/ssl/openssl.cnf
        #  RHEL and CentOS: /etc/pki/tls/openssl.cnf
        #  Mac OSX: /System/Library/OpenSSL/openssl.cnf
    
        openssl req -new -sha256 -key domain.key -subj "/" \
          -reqexts SAN -config <(cat /etc/ssl/openssl.cnf \
          <(printf "\n[SAN]\nsubjectAltName=DNS:foo.com,DNS:www.foo.com"))
        
  4. Copy and paste the CSR into the box below.


Step 3: Sign API Requests (waiting...to complete previous step.)


Step 4: Verify Ownership (waiting...to complete previous step.)


Step 5: Install Certificate (waiting...to complete previous step.)