2.15.1.1.1. Free certificate from Let’s Encrypt

Let's Encrypt is an automated certificate authority that provides free SSL certificates for websites. The goal of the project is to raise the level of security of sites everywhere: the HTTPS protocol transfers data between the client and the server in encrypted form, which prevents third parties from reading that data.

The certificate is issued completely automatically, but obtaining it requires some basic knowledge of server administration. On our hosting, installing the certificate is even simpler and requires no additional knowledge: you only need to submit an installation request. For new sites, the certificate is installed automatically some time after their creation, provided all the conditions for obtaining it are met.

During the certificate installation process, Let’s Encrypt checks and validates the domain name and website by sending a series of requests to the site or by using DNS records. The process of issuing and revoking certificates is described in more detail on the official website.

Let’s Encrypt certificates differ from paid certificates in a number of ways:

  • Financial guarantee — Let’s Encrypt is a non-profit organization and does not provide any compensation if a certificate is compromised. Third-party companies generally provide some compensation in the event of problems with the security of their certificates.
  • Safety — certificates from Let’s Encrypt have only DV (Domain Validation), in which only the domain name is verified. Third-party CAs can issue certificates with additional levels of validation, such as OV SSL (Organization Validation) and EV SSL (Extended Validation), thereby providing higher security and a special display of the certificate in the browser bar (the display depends on the browser).
  • Certificate validity period — SSL certificates from Let’s Encrypt have a validity period of 90 days, after which a new certificate must be obtained. Third-party companies provide certificates for a period of 1 year or more. (Our dashboard takes the short validity period of Let’s Encrypt certificates into account: a new certificate is installed on the site before the current one expires, so a valid certificate is always in place.)
  • Payment systems support — a certificate from Let's Encrypt uses SNI (Server Name Indication) technology, which allows multiple certificates to be installed on a single IP address. Some payment systems may not support this technology, which may cause difficulties when connecting such payment systems to the site for electronic payments. To find out whether Let's Encrypt certificates are supported, check directly with the payment system.

Important points:

  • Automatic certificate installation is available only for sites on virtual and business hosting.
  • The certificate installation request is processed automatically; this usually takes no more than an hour.
  • For subdomains of one domain, no more than 20 certificates can be issued per week.
  • The certificate is issued for 3 months and is automatically renewed if the conditions described below are met.
  • The ability to automatically install a certificate is not available for sites hosted on VPS, dedicated servers or hosted by other companies.
  • The certificate cannot be issued for subdomains with the underscore character (_) in the name.
  • If 10 or more subdomains (including www) have been added to the site, only a wildcard certificate can be issued.
  • If the domain settings contain a CAA record, this record must not prevent the Let’s Encrypt CA from issuing SSL certificates.
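
The CAA condition above can be checked before submitting the request. The following Python code is an added example, not code from the hosting provider or from Let's Encrypt: it evaluates a CAA record set, written as `dig +short CAA` prints it, against the RFC 8659 rules for ordinary and wildcard requests. It assumes the caller has already fetched the record set that applies to the name and that the issuer domain Let's Encrypt recognizes is letsencrypt.org; the sample records are constructed.

```python
import re

LE_ISSUER = "letsencrypt.org"            # Let's Encrypt's CAA issuer domain
KNOWN_TAGS = {"issue", "issuewild", "iodef"}
_RECORD = re.compile(r'^\s*(\d+)\s+([A-Za-z0-9]+)\s+"?(.*?)"?\s*$')

def parse_caa(line):
    """Parse one record as printed by `dig +short CAA`: 0 issue "ca.example"."""
    m = _RECORD.match(line)
    if not m:
        raise ValueError(f"not a CAA record: {line!r}")
    return int(m.group(1)), m.group(2).lower(), m.group(3)

def issuer_of(value):
    """Issuer domain precedes any ';' parameters; an empty issuer means nobody."""
    return value.split(";", 1)[0].strip().lower()

def le_may_issue(caa_lines, wildcard=False):
    """Return (allowed, reason) for the CAA record set that applies to a name."""
    records = [parse_caa(l) for l in caa_lines if l.strip()]
    if not records:
        return True, "no CAA records: any CA may issue"
    for flags, tag, _ in records:
        if flags & 0x80 and tag not in KNOWN_TAGS:   # critical bit, unknown tag
            return False, f"critical unknown property '{tag}'"
    issue = [issuer_of(v) for _, t, v in records if t == "issue"]
    wild = [issuer_of(v) for _, t, v in records if t == "issuewild"]
    # issuewild, when present, replaces issue for wildcard requests only.
    relevant = wild if (wildcard and wild) else issue
    if not relevant:
        return True, "record set places no issue restriction"
    if LE_ISSUER in relevant:
        return True, "letsencrypt.org is authorized"
    return False, "authorized issuers: " + ", ".join(i or "(none)" for i in relevant)

# Constructed sample record sets, not taken from any real zone.
SAMPLES = {
    "other CA only": ['0 issue "ca.example.net"'],
    "LE with parameters": ['0 issue "letsencrypt.org; validationmethods=dns-01"'],
    "wildcards forbidden": ['0 issue "letsencrypt.org"', '0 issuewild ";"'],
}

if __name__ == "__main__":
    for name, rrset in SAMPLES.items():
        for wc in (False, True):
            kind = "wildcard" if wc else "single name"
            print(f"{name:20} {kind:12} {le_may_issue(rrset, wc)}")
```

The third sample is the case that matters for the wildcard rule above: the domain itself passes, but a wildcard request is refused until the `issuewild` record is changed.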

Conditions for obtaining a certificate for a domain or subdomain:

If the site has aliases, the same conditions must be met for them to be included in the certificate.

Conditions for obtaining a wildcard certificate:

To obtain a wildcard certificate, enable processing of requests to non-existent subdomains before submitting the installation request.

  1. Open the SSL settings.
  2. Click on the button to install the certificate:
    If the certificate is not installed, then on the tab "Free Let’s Encrypt Certificate" click "Set":
    If you already have an installed certificate but need to issue a new certificate from Let’s Encrypt, then press "issue only Let’s Encrypt certificate":
    If you receive a notification about the need to direct the domain to the IP of the hosting account, read this information.
  3. If the site has aliases, indicate whether you want to include their addresses in the certificate:
    If there is only one alias:
    If there are several aliases:
    If a wildcard certificate is installed:
  4. Wait for the application to be completed: