Why use our free certificate application service?

100% free forever

Never pay for an SSL certificate again, thanks to Let's Encrypt and Buypass for providing us with free SSL certificate.

Certificate expiration reminder service

We provide a certificate expiration reminder service for free, and promptly remind you to replace the certificate before your HTTPS certificate expires.

Private key security is guaranteed

We use the browser to generate the private key by default to ensure that the private key is not transmitted on the network and ensure the security of your HTTPS certificate.

Certificate cloud hosting

Although we provide cloud hosting services for certificates and private keys, we still don't recommend using this feature. It is recommended that you use KeyManager, an offline encrypted storage management software. Of course, we also use two-step verification and strong encryption of the private key to ensure the security of your certificate private key. You can upload the private key to the console panel.

About how FreeSSL.org works

Provide free HTTPS certificates for Let's Encrypt and Buypass CA

Both support file validation and DNS validation:

  • Let's Encrypt SSL certificate is generated through its official ACME protocol server.
  • TrutAsia SSL certificates are produced through its official API.

The private key is generated by the default browser. Keeping private keys safe .Voluntary trusteeship!

For modern browsers, we use Web Cryptography API in the browser to generate a private key, so that your private key is not transmitted on the network. When the HTTPS certificate is successfully applied, the private key will be deleted from the browser. If your browser Not Support Web Cryptography API, we will generate a private key from the server and issue it to you via HTTPS SSL, and We promise never to keep users' private keys. However, for better security, we still recommend using a browser that support the Web Cryptography API to generate clients. You can also provide your own CSR when generating the certificate, in which case you will absolutely guarantee the security of the private key.

Regarding private key escrow, you need to manually upload to the console (requires sign in), we will force you to encrypt. If your certificate is used in a high security environment, we do not recommend that you use this feature.