getfreessl.org — Free SSL Powered by Let's Encrypt

Real free SSL — no sneaky paywall, no signup required.

We use ACMEv2 and the official Let's Encrypt CA to give you unlimited 90-day certificates.

Easy

Simply paste your CSR and verify domain ownership.

No limits

Certificates are free, forever.

Privacy-friendly

We will never ask you for your private key.

CSR generation — what, why, and how

A CSR (Certificate Signing Request) contains the public key and identifying information about the site. You generate a private key locally and create a CSR that you send to the CA as part of the issuance process.

Trusted CSR Generator Websites

Use a trusted, open source website like csrgenerator.com to generate your CSR and private key.

CLI example

openssl genpkey -algorithm RSA -out private.key -pkeyopt rsa_keygen_bits:2048
openssl req -new -key private.key -out request.csr -subj "/CN=example.com/O=My Org/C=US"

PHP example (openssl extension)

$privkey = openssl_pkey_new(['private_key_bits'=>2048,'private_key_type'=>OPENSSL_KEYTYPE_RSA]);
openssl_pkey_export($privkey, $privkeyPem);
$dn = [
  "commonName" => "example.com",
  "organizationName" => "My Org",
  "countryName" => "US"
];
$csrRes = openssl_csr_new($dn, $csrRes, ['digest_alg'=>'sha256']);
openssl_csr_export($csrRes, $csrPem);
// store $privkeyPem securely and send $csrPem to the CA

FAQ

Why not just use other 'free' sites?

Many sites advertise 'free certs' then gate or limit renewals, or require signup that funnels you into paid plans. getfreessl.org aims to keep SSL free, forever.

Do you store my private keys?

No. Private keys should be generated and stored by you. Our UI supports uploading a CSR so the private key never leaves your environment.

Do you support wildcard certs?

Yes — we use DNS-01 validation, which supports wildcard certificates.

How long do I have to complete domain validation?

You must complete the domain validation within 1 hour of requesting a certificate. After that, your authorization and certificate access expire and you will need to start again.

How long are certificates valid?

Certificates are valid for 90 days from the date of issuance. This is a Let’s Encrypt policy and cannot be changed. You should renew before they expire by returning here and requesting a new certificate.

Do I need an account to use this service?

No. You do not need to register or log in. Just provide your CSR, validate your domain, and download your certificate.

What happens if someone uses this service for abuse?

All certificates are publicly logged in Certificate Transparency (CT) logs, so abuse can be detected. If a certificate is used for phishing, malware, or other illegal activity, we reserve the right to block or limit access to the service.