2.15.1.1.1. Free certificate by Let's Encrypt
Let's Encrypt is an automated certificate authority that provides free SSL certificates for sites. The goal of this project is to increase the security level of sites everywhere, as the HTTPS protocol allows data to be transmitted from the client to the server in encrypted form, which prevents third parties from obtaining this data.
For sites on our hosting, certificate installation is fully automatic and requires no administration knowledge: you only need to submit an installation request. For all added sites, the certificate installation request is submitted automatically if the conditions in "Conditions for obtaining" are met.
During the certificate installation process, Let's Encrypt verifies and validates the domain and site by sending a series of HTTP requests or by using DNS records. The certificate issuance/revocation process is described in detail on the official Let's Encrypt site.
Differences from commercial certificates
Certificates by Let's Encrypt have a number of differences from paid certificates:
- Financial guarantee — Let's Encrypt is a non-profit company and does not provide any compensation in case of certificate tampering. Third-party companies may provide some compensation in case of security problems with their certificates.
- Security — Let's Encrypt certificates are DV (Domain Validation) only, where only the domain is validated. Third-party certificate authorities may issue certificates with additional validation levels, such as OV SSL (Organization Validation) and EV SSL (Extended Validation), thereby providing higher security and a special appearance of the certificate in the browser bar (display depends on the browser).
- Certificate validity period — Let's Encrypt certificates are valid for 90 days, after which they need to be renewed (for sites on our hosting, the certificate is renewed automatically and in advance, before the 90-day period expires). Third-party companies provide certificates for a period of 1 year or more; certificate renewal is performed manually.
- Payment system support — Let's Encrypt certificate uses SNI (Server Name Indication) technology, which allows you to install multiple certificates on a single IP address. Some payment systems may not support this technology, which may cause difficulties with connecting such payment systems to the site for electronic payments. To find out whether Let's Encrypt certificates are supported, check directly with the payment system.
Conditions for obtaining
Important points:
- Automatic certificate installation is only available for sites on shared and business hosting.
- The certificate installation request is processed automatically; it usually takes no more than an hour.
- No more than 20 certificates can be issued per week for subdomains of the same domain.
- The certificate is issued for 3 months and is automatically renewed if the conditions described below are met.
- A certificate cannot be issued for subdomains with _ in the name.
- For a site with 10 or more subdomains (including www), only a wildcard certificate can be issued.
- If there is a CAA record in the domain settings, this record must not prohibit Let's Encrypt Certificate Authority from issuing SSL certificates.
- The ability to automatically install a certificate is not available for sites that are hosted on VPS, dedicated servers or hosting of other companies.
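The CAA condition in the list above can be checked before submitting a request. The following is an added example, not the hosting provider's code: it applies the RFC 8659 evaluation rules (tree climbing, `issue` versus `issuewild`, the critical flag) to CAA records in the form `dig +short CAA <name>` prints. The function names, the `KNOWN_TAGS` set and the records in `SAMPLE` are assumptions made for the illustration.

```python
import re

LE_ISSUER = "letsencrypt.org"  # issuer domain name Let's Encrypt looks for in CAA
KNOWN_TAGS = ("issue", "issuewild", "iodef")  # assumption: tags the CA understands
# One CAA RDATA in presentation format: <flags> <tag> "<value>"
CAA_RE = re.compile(r'^\s*(\d+)\s+([A-Za-z0-9]+)\s+"?([^"]*)"?\s*$')

def parse_caa(rdata):
    """Return (flags, tag, issuer_domain) for one CAA RDATA string."""
    m = CAA_RE.match(rdata)
    if not m:
        raise ValueError(f"not a CAA record: {rdata!r}")
    # The issuer domain is the part before the first ';' (parameters follow it).
    issuer = m.group(3).split(";", 1)[0].strip().lower()
    return int(m.group(1)), m.group(2).lower(), issuer

def relevant_rrset(name, caa_by_name):
    """Climb from the name towards the root; the first non-empty RRset applies."""
    labels = name.rstrip(".").lower().split(".")
    if labels[0] == "*":
        labels = labels[1:]
    for i in range(len(labels)):
        rrset = caa_by_name.get(".".join(labels[i:]))
        if rrset:
            return rrset
    return []

def caa_allows(name, caa_by_name, issuer=LE_ISSUER):
    """True if the CAA records do not prohibit `issuer` from issuing for `name`."""
    parsed = [parse_caa(r) for r in relevant_rrset(name, caa_by_name)]
    # An unrecognised tag with the critical bit (128) set forbids issuance.
    if any(flags & 128 and tag not in KNOWN_TAGS for flags, tag, _ in parsed):
        return False
    issue = [dom for _, tag, dom in parsed if tag == "issue"]
    issuewild = [dom for _, tag, dom in parsed if tag == "issuewild"]
    # For wildcard names, issuewild replaces issue whenever it is present.
    relevant = issuewild if name.startswith("*.") and issuewild else issue
    # No issue/issuewild property means no restriction; `issue ";"` parses to "".
    return not relevant or issuer in relevant

# Constructed sample records, keyed by the name that owns them.
SAMPLE = {
    "example.com": ['0 issue "letsencrypt.org"', '0 issuewild ";"',
                    '0 iodef "mailto:security@example.com"'],
    "shop.example.com": ['0 issue "ca.example.net"'],
}

if __name__ == "__main__":
    for n in ("example.com", "blog.example.com", "*.example.com",
              "shop.example.com", "example.org"):
        print(f"{n:20} Let's Encrypt allowed: {caa_allows(n, SAMPLE)}")
```

In the sample data, the record on example.com also governs blog.example.com, while `issuewild ";"` blocks the wildcard certificate that a site with 10 or more subdomains would need.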
Certificate for domain or subdomain
Conditions for obtaining a certificate for a domain or subdomain:
- The domain must be operational and correctly pointed to our hosting (in domain settings, in the address records for the address with and without www, the main IP addresses of the hosting account must be specified).
- The site must be accessible, and the server must return a 200 response when it is accessed.
- No access restrictions should be set for the site.
- The domain must not be on the malicious list in Google Safe Browsing.
If the site has aliases to be included in the certificate, the same conditions must be met for them.
Wildcard certificate
Conditions for obtaining a wildcard certificate:
- The domain must be operational and served by our name servers (NS).
- In the site settings, processing of requests for non-existent subdomains must be enabled.
- When submitting an installation request, be sure to agree to include the *.example.com alias in the certificate (instead of example.com, it will be your domain).
- If the site has aliases to be included in the certificate, the same conditions must be met for them as for installing a certificate for a domain or subdomain.
- The domain must not be on the malicious list in Google Safe Browsing.
Install
- Open the "SSL settings" section.
- Click the button to install the certificate:
  - If the certificate is not yet installed, on the "Free certificate by Let's Encrypt" tab, click "Install".
  - If there is an installed certificate but you need a new certificate from Let's Encrypt instead, click "issue only Let's Encrypt certificate".
  - If an error occurs, see Notification of the need to point the domain to the hosting account IP.
- If the site has aliases, specify whether to include their addresses in the certificate (the choice is offered for a single alias, for multiple aliases, and when installing a wildcard certificate).
- Wait for the request to be completed.
