Setup
Enter your domain and email. We'll issue a real trusted certificate via Let's Encrypt โ no account, no API key, no sign-up required.
Let's Encrypt โ Free, nonprofit, universally trusted CA. No API key needed. Completely free forever. Rate limit: 50 certs/domain/week.
DNS-01 challenge is used โ you must be able to add a TXT record to your domain's DNS. This proves you own the domain. No server access needed.
Generating Keys
Creating your RSA-2048 account key and domain key in-browser using the Web Crypto API. Keys never leave your device.
Generating account key (RSA-2048)...
Waiting...
Waiting...
ACME Registration
Registering your account key with the CA and creating a certificate order.
Fetching ACME directory...
Getting nonce...
Registering account...
Creating certificate order...
Fetching DNS challenge...
DNS Challenge
Add this TXT record to your domain's DNS. Let's Encrypt will verify it to confirm you own the domain.
๐ Add this DNS TXT Record
Type
TXT
Name / Host
_acme-challenge.example.com
Value
Loading...
TTL
300
After adding the record, wait 1โ5 minutes for DNS propagation before clicking below. You can verify with:
dig TXT _acme-challenge.example.com๐ Certificate Issued!
Your SSL certificate has been issued by Let's Encrypt. Download your files below.
Real certificate issued and ready. Download your certificate and private key โ keep the private key secret!
Install on Nginx:
Install on Apache:
ssl_certificate /path/to/fullchain.pem;
ssl_certificate_key /path/to/domain.key;
Install on Apache:
SSLCertificateFile /path/to/fullchain.pem
SSLCertificateKeyFile /path/to/domain.key