2.9.1.1. Free Let's Encrypt Certificate

Let's Encrypt — an automated certification authority providing Available SSL certificates for websites. The goal of this project is to improve the level of security of sites everywhere, since the HTTPS protocol allows the transfer of data from the client to the server in an encrypted form, which makes it impossible to get this data to third parties.

The certificate is issued completely automatically, but requires some basic knowledge of server administration. On our hosting installation certificate is even simpler and does not require additional knowledge, you just need to submit an installation request. For new sites, the certificate is installed automatically for some time after their creation, if all conditions to get it.

In the process of installing the certificate, Let's Encrypt verifies and validates the domain name and site by sending a series of requests or using DNS-records. The process of issuing / revoking certificates is described in more detail at official website.

Let's encrypt certificates have a number of differences from paid certificates:

  • Financial guarantee — Let's Encrypt is a non—profit company and does not provide any compensation in the event of a hacked certificate. Third—party companies generally provide some compensation in the event of problems with the security of their certificates.
  • Security — certificates from Let's Encrypt have only DV—verification (Domain Validation), in which only the domain name is verified. Third—party CAs can issue certificates that have additional levels of validation, such as OV SSL (Organization Validation) and EV SSL (Extended Validation), thereby providing higher security and a special kind of certificate in the browser bar (display depends on the browser).
  • Certificate validity period — SSL certificates from Let's Encrypt have a validity period of 90 days, after which it must be obtained again. Third—party companies provide certificates for a period of 1 year or more. (Our dashboard provides a short SSL validity period from Let's Encrypt and a new certificate is installed on the site before its expiration, thereby ensuring that the current certificate is always available.)
  • Payment systems support — Let's Encrypt's certificate uses SNI (Server Name Identification) technology, which allows you to install multiple certificates on one IP address. A large number of payment systems do not work with this technology, due to which it may not be possible to connect such payment systems on the site for making electronic payments.

Important points:

  • Automatic certificate installation is available only for sites on theusual and businesshosting.
  • The certificate installation request is processed automatically, usually it takes no more than an hour.
  • For subdomains of one domain, you can write out no more than 20 certificates per week.
  • The certificate is issued for 3 months and is automatically renewed if the conditions described below are met.
  • The ability to automatically install a certificate is not available for sites hosted on VPS, dedicated servers or hosted by other companies.
  • The certificate cannot be issued for subdomains with the symbol _ In the title.
  • If the site has added 10 or more subdomains (including www), only wildcardcertificate.

Conditions for obtaining a certificate for a domain or subdomain:

If the site has aliasesto be included in the certificate, the same conditions must be met for them.

Conditions for receiving wildcardcertificate:

If the task is to obtain a wildcard certificate, before applying for installation, enable processing requests to non-existent subdomains.

  1. Openup SSL settings.
  2. Click on the button to install the certificate:
    If the certificate is not installed, then on the tab "Free Let's Encrypt Certificate" click "Set":
    If you already have an installed certificate, but you need to issue a new certificate by Let's Encryptthen press "issue only Let's Encrypt certificate":
    If you receive a notification about the need to direct the domain to the IP of the hosting account, read this information.
  3. If the site has aliases, indicate whether you want to include their addresses in the certificate:
    If there is only one alias:
    If there are several aliases:
    If a wildcard certificate is installed:
  4. Wait for the application to be completed:
Content