Free SSL/TLS from Let’s Encrypt

Use HTTPS for your website for free

SSL certificates have already become a must for any company regardless its size. Without an SSL certificate, a company can lose search system positions, visitors, and money. Let’s Encrypt in ISPmanager allows creating free SSL certificates from the trusted certification center. Order and installation are automatic and do not require any specific technical skills.

Why you need an SSL certificate

When you visit a website, you always connect to the server on which it is located. If your connection is not secured, hackers can steal logins, passwords, and credit card numbers. The SSL certificate secures the connection and encrypts data which you enter. Even if hackers intercept your data, they would not be able to decrypt it.

Starting from 2017, Google search bots mark websites without SSL certificates as unsecure and lower their search results. Google Chrome and Mozilla Firefox mark HTTP websites as unreliable. This way browsers inform users that their personal data or money can be stolen.

Start using HTTPS to improve your rank in search systems and be more trusted by the users. You don’t need money or technical skills to do it with Let’s Encrypt.

Who can take advantage of Let’s Encrypt

Let’s Encrypt generates first level SSL certificates with domain validation (DV), thus Let’s Encrypt can be used by web projects that don’t require strict security guarantees, such as blogs, hobby or promo websites. The green lock in the browser bar is more than enough if your visitors don’t enter logins/passwords or shop.

DV certificates simply confirm that a domain belongs to you. Website visitors will not encounter browser warnings about insecurity of your website, while hackers will not intercept any user information as your certificate provides secure HTTPS connection.

Please note! We do not recommend using DV certificates for e-commerce or corporate portals requiring a higher level of trust. Certification centers don’t check business legitimacy with DV certificates, thus such certificates cannot guarantee that the owner can be trusted in terms of logins, passwords, and credit card numbers.

Installation

cs
Step 1

Step 1.

You need to have ISPmanager 5.65 or newer to be able to install Let’s Encrypt.

  • Open ISPmanager;
  • Go to "Integration" → "Modules" as root;
  • Install Let’s Encrypt module.

Now you can get a valid self-renewing SSL certificate for your domain. It requires a user with the right to use SSL and a valid domain name.

cs
Sterp 2

Step 2.

Once installation is complete, click on Let’s Encrypt in "WWW" → “SSL certificates” to receive a free certificate. Read more about certificate generation in documentation.

Your certificate would be generated successfully if all domains and aliases specified can be opened from the server. The certificate cannot be issued even if just one of domains or aliases is not opened.

About Let’s Encrypt

Let’s Encrypt is a non-profit certification center. Unlike other centers, it generates SSL certificates for free. Furthermore, certificate generation is fully automated.

The project was started in 2014 to make sure that the majority of websites would switch to secure HTTPS connection soon. The world’s leading IT companies such as Mozilla, Google Chrome, Cisco, Facebook have become sponsors of this project. Also, IdenTrust, University of Michigan, Stanford Law School, Linux Foundation are partners of Let’s Encrypt.

The key principles of Let’s Encrypt:

  • Free of charge. Any domain owner can get a trusted SSL certificate for free;
  • Automation. Let’s Encrypt fully automates the process of requesting, configuration, and updates of certificates;
  • Security. Let’s Encrypt supports the best security practices on both certification center and website sides;
  • Transparency. Information on all Let’s Encrypt certificates is publicly available;
  • Independence and benefit. Let’s Encrypt is an independent project created to provide benefit to the society.

Please keep in mind that Let’s Encrypt has a few limitations, such as the following:

  1. You can create not more than 5 certificates per week for a first level domain and its subdomains.
  2. Wildcard certificates are not supported.
  3. Every Let’s Encrypt certificate is valid for as long as 3 months. ISPmanager automatically re-generates Let’s Encrypt certificates every 3 months.
  4. Let’s Encrypt does not provide any guarantees and does not pay any compensation in case of data loss because it is a non-profit organization.

Full list of limitations is available on Let's Encrypt website.

F.A.Q.

SSL certificates from Let’s Encrypt are trusted by the majority of browsers and operating systems. Find a full list of all compatible browsers on Let's encrypt website.
You can. One certificate can secure many domains.
Let's Encrypt is planning to issue wildcard certificates. At any rate, now Let’s Encrypt users can protect subdomains with the help of standard Let’s Encrypt certificates.
As of Let’s Encrypt, this term has two key advantages. In the first place, this way the certification center decreases potential damage from compromised keys or faulty certificates. The shorter term mitigates risks of potential damages. In the second place, 90-days SSL certificates stimulate automation which is required to simplify usage of HTTPS. After the whole Internet is switched to HTTPS, it would be impossible to update all existing websites manually, so automation would be a must. As soon as releases and updates of SSL certificates become fully automated, shorter terms would be an industry standard.
By the way, Let’s Encrypt recommend to update certificates every 60 days if it is necessary.
No. A Private Key can only be generated on your own servers, as opposed to Let’s Encrypt servers.
Yes, but not all clients support it. It is definitely supported by Certbot.

For providers

A lot of non-profit websites don’t need a paid SSL certificate. Such customers would value their provider who can offer free domain protection. With Let’s Encrypt you can increase the value of your services.