New design

Русский
Українська
English

Support chat

Select the type of request:

Continue in telegram

0-800-307-307 Hotline
+38 (044) 392-74-33 Kiev
+38 (057) 728-39-00 Kharkiv
+38 (056) 794-38-31 Dnipro
+38 (032) 229-58-93 Lviv
+38 (048) 738-57-70 Odessa
+38(093) 170-15-42 Life
+38 (067) 400-88-44 Kievstar
+1(888)393-24-51 USA, Toll free
+44(131)507-01-14 Great Britain
+7 (499) 348-28-61 Moscow

2.9.1.1. Free Let's Encrypt Certificate

Let's Encrypt - an automated certification authority providing free SSL certificates for websites. The goal of this project is to improve the level of security of sites everywhere, since the HTTPS protocol allows the transfer of data from the client to the server in an encrypted form, which makes it impossible to get this data to third parties.

The certificate is issued completely automatically, but requires some basic knowledge of server administration. On our hosting installing a certificate even simpler and does not require additional knowledge, you just need to submit a request for installation. For new sites, the certificate is installed automatically for some time after their creation, if all conditions to get it.

In the process of installing the certificate, Let's Encrypt verifies and validates the domain name and site by sending a series of requests or using DNS-records. The process of issuing / revoking certificates is described in more detail at official website.

Content:

Differences between a free Let's Encrypt certificate and a commercial one
Conditions for receiving
Installation
Videoinstruction

Let's encrypt certificates have a number of differences from paid certificates:

Financial guarantee - Let's Encrypt is a non-profit company and does not provide any compensation in the event of a hacked certificate. Third-party companies generally provide some compensation in the event of problems with the security of their certificates.
Safety - Let's Encrypt certificates only have DV verification¹⁾, in which only the domain name is checked. Third-party CAs can issue certificates that have additional levels of verification, such as OV SSL²⁾ and EV SSL³⁾thus providing higher security and a special kind of certificate in the browser bar⁴⁾.
Certificate validity period - SSL certificates from Let's Encrypt have a validity period of 90 days, after which it must be obtained again. Third-party companies provide certificates for a period of 1 year or more. (Our dashboard provides a short SSL validity period from Let's Encrypt and a new certificate is installed on the site before its expiration, thereby ensuring that the current certificate is always available.)
Payment systems support - Let's Encrypt certificate uses SNI technology⁵⁾which allows you to install multiple certificates on one IP address. A large number of payment systems do not work with this technology, due to which it may not be possible to connect such payment systems on the site for making electronic payments.

Important points:

Automatic certificate installation is available only for sites on theusual and businesshosting.
The certificate installation request is processed automatically, usually it takes no more than an hour.
For subdomains of one domain, you can subscribe no more than 20 certificates per week.
The certificate is issued for 3 months and is automatically renewed if the conditions described below are met.
The ability to automatically install a certificate is not available for sites hosted on VPS, dedicated servers or hosted by other companies.
The certificate cannot be issued for subdomains with the symbol _ in the name.
If the site has added 10 or more subdomains (including www), only wildcardcertificate.

Conditions for obtaining a certificate for a domain or subdomain:

The domain must be working and correct directed to our hosting (в domain settings address records for addresses with www and without www must be specified the current IP addresses of the hosting account).
The site must be accessible and a 200 server response must be returned when accessing it.
The site should not have access restrictions.
The domain for which the certificate is being applied for should not be on the list of malicious Google Safe Browsing.

If the site has aliasesto be included in the certificate, the same conditions must be met for them.

Conditions for receiving wildcardcertificate:

The domain must be working and served on our NS.
IN site settings should be enabled processing requests to non-existent subdomains.
When submitting an installation request, be sure to agree to include the alias * .example.com in the certificate, where your domain will be instead of example.com.
If the site has aliasesto be included in the certificate, the same conditions must be met as for installation certificate for domain or subdomain.
The domain for which the certificate is being applied for should not be on the list of malicious Google Safe Browsing.

If the task is to obtain a wildcard certificate, before applying for installation, enable processing requests to non-existent subdomains.

To apply for the installation of a certificate, do the following:

Openup SSL settings.
Click on the button to install the certificate:
- If the certificate is not installed
- If there is already an installed certificate
If the certificate is not installed, then on the “Free Let's Encrypt Certificate»Click«Set»:
If you already have an installed certificate, but you need to issue a new certificate by Let's Encrypt, then click "issue only Let's Encrypt certificate»:
In case of an error like “Domain address records must be directed to the IP address of the account server»Check out this information.
If the site has aliases, indicate whether you want to include their addresses in the certificate:
If there is only one alias:
If there are several aliases:
If a wildcard certificate is installed:
Wait for the application to be completed: