About Let’s Encrypt and Free SSL Certificates
Introduced in 2016, Let's Encrypt is a non-profit and open Certificate Authority (CA). You can request free 90-day SSL certificates (including wildcard & multi-domain certificates) from Let's Encrypt to enable https for your website/web app.
Domain Control Validation MethodsBased on the method you choose to request the certificate, Let's Encrypt has a fixed method of domain control validation (DCV or DV) to prove domain ownership and if you cannot validate using that method, you cannot get the certificate. Paid certificates offer upto 3 different DCV method options via Email/File/DNS to choose from and Email is the most convenient. see details
Site SealLet's Encrypt does not provide a verifiable Site Seal for display on your website like the Comodo one at the bottom-right of this page. Studies show 69% of online shoppers look for websites that display trust symbols.
WarrantyLet's Encrypt certificates do not include a warranty against mis-use or mis-issuance. The paid commercial SSL certificates available on our website include a relying-party warranty that covers losses of customers caused by failure of the certificate while transacting with your website.
Validity PeriodLet's Encrypt certificates are only valid for 90 days and must be renewed/re-issued and setup once again on the website/web server before the previous certificates expire. The paid SSL certificates available on our website are valid for at least one year, and website owners can also choose a validity of 2 years to also reduce cost.
SupportLet's Encrypt does not offer assistance with requesting SSL certificates. Only community help is available for any problems encountered. It is best suited to experienced web server admins who do not need support to generate the certificates or who can automate generation and install of the 90-day certificates. This can be an issue for businesses that are just starting out with using SSL certificates, and need to quickly equip their business sites with an SSL. We provide support to generate and re-issue paid SSL certificates available on our website.
Both Let's Encrypt and paid SSL certificates will do the encryption job that is expected of them in order to protect your sites against interception and eavesdropping.
Your choice will be determined by the type of site you manage, which in turn defines security requirements:
- If you own a simple personal site, a blog or a photo gallery, or just need a quickly configurable, simple and free SSL certificate that you can obtain with minimum effort purely for Google SEO improvement, then Let's Encrypt is a free option you can use.
- If you are an Mobile App developer and want to test connectivity and functionality between your mobile app and your web app server during the development period before launching your solution online, then using Let's Encrypt may be the right choice.
- If you are setting up a temporary website, or a website just for market testing, then using a free certificate from Let's Encrypt will save you some cost.
- If you need a temporary certificate for your business website since the previous paid one has expired.
- If you are a server admin and you can use the server-side automation client software, then you can automatically request and maintain Let's Encrypt certificates for domains hosted on your web server.
If you operate an online store, or a business website/blog where you accept user registrations/payments/subscriptions, then you will need to invest in a paid, warranty-backed SSL certificate with a verifiable Site Seal issued by an established CA.
Paid certificates are not at all expensive. view options
Online Certificate Wizard - Issue UNLIMITED Free SSL Certificates from Let's Encrypt
The online wizard works by generating commands for you to run in your terminal, then making requests to the Let's Encrypt ACME API to issue your certificate so your website can use https for free.
If you don't know how to do something, try clicking the help links in the wizard that explain how to complete that step.
- Requirements for your local machine/server to run commands: openssl and echo. These should all be installed by default in Linux and Mac OSX. If you're running Windows, you might need to install Cygwin to get openssl and echo working on Windows.
Verifying domain ownership can be done in any 1 of 3 ways: adding DNS records / uploading files / running python scripts.
TIP: Since verifying domain ownership via DNS is the quickest and easiest method, we recommend you have access to add DNS records for your domain before you proceed.
By using the Let's Encrypt Certificate wizard on this website you agree to the following:-
Terms: As an end-user (herein after referred to as "You"), your usage of the Let's Encrypt Certificate Wizard made publicly available online by iWebz Retail Pvt Ltd OPC (herein after referred to as "iWebz") implies your acceptance of the following:
- iWebz does not charge any fees for using this Let's Encrypt Certificate wizard to generate free SSL certificates.
- iWebz also does not charge any fees for the 91-day online storage of the CSR and Certificate Chain for later use.
- iWebz does not provide support of any kind beyond the tips displayed at each step of the Let's Encrypt Certificate wizard.
- iWebz does not accept any liability, financial or otherwise, for issues arising out of usage of the Let's Encrypt Certificate wizard and the Let's Encrypt certificates generated/issued using it.
- iWebz also does not accept any liability, financial or otherwise, for the loss or inaccessibility of CSRs and Certificate Chains stored by you on this website, should such a situation arise.
Privacy: By default, iWebz does not record any personally-identifiable information, or any details submitted for certificate generation using the Let's Encrypt Certificate wizard. iWebz also does not keep a record of Let's Encrypt certificates ordered while using this wizard.
After using the wizard to generate the certificate chain, if you choose to use the option to save your CSR and Certificate Chain for later use, iWebz will store only your email address' hash, the CSR used, and the generated Certificate Chain for 91 days.