.Maui doesn't show ads or abuse your privacy, your support is essential to keep .Maui running. Consider a donation, even a small one, to help us a lot. Donate now.

HTTPS free for everyone

This page is not the result of our work, it is made possible thanks to an open source project available here: https://github.com/diafygi/gethttpsforfree

You can now get free https certificates from the non-profit certificate authority Let's Encrypt! This page that will take you through the manual steps to get your free https certificate so you can make your own website use https! This page is open source and NEVER asks for your private keys. Never trust a website that asks for your private keys!

Email support is available for premium users.

Step 1: Account Info

Let's Encrypt requires that you register an account email and public key before issuing a certificate. The email is so that they can contact you if needed, and the public key is so you can securely sign your requests to issue/revoke/renew your certificates. Keep your account private key secret! Anyone who has it can impersonate you when making requests to Let's Encrypt!

How to generate a new account keypair using openssl:
  1. Generate an account private key if you don't have one:
    openssl genrsa 4096 > account.key
  2. Print your public key:
    openssl rsa -in account.key -pubout
  3. Copy and paste the public key into the box below.

Step 2: Certificate Signing Request

This is the certificate signing request (CSR) that you send to Let's Encrypt in order to issue you a signed certificate. It contains the website domains you want to issue certs for and the public key of your TLS private key. Keep your TLS private key secret! Anyone who has it can man-in-the-middle your website!
How to generate a new Certificate Signing Request (CSR):
  1. Generate a TLS private key if you don't have one:
    openssl genrsa 4096 > domain.key
  2. Generate a CSR for your the domains you want certs for:
    (replace "foo.com" with your domain)
    #change "/etc/ssl/openssl.cnf" as needed:
    #  Debian: /etc/ssl/openssl.cnf
    #  RHEL and CentOS: /etc/pki/tls/openssl.cnf
    #  Mac OSX: /System/Library/OpenSSL/openssl.cnf
    openssl req -new -sha256 -key domain.key -subj "/" \
      -reqexts SAN -config <(cat /etc/ssl/openssl.cnf \
      <(printf "[SAN]\nsubjectAltName=DNS:foo.com,DNS:www.foo.com"))
  3. Copy and paste the CSR into the box below.

Step 3: Sign API Requests (waiting...)

Step 4: Verify Ownership (waiting...)

Step 5: Install Certificate (waiting...)