already paid but they never send key
is the above link genuine
Let’s Encrypt certificates are free - you shouldn’t have to pay anyone for them. I suppose third parties are able to charge for assistance in obtaining one, but that seems beyond sketchy to me. I’m not going to go to that site, given the propensity for it to be compromised in some form, but is it advertising Let’s Encrypt certificates for sale? Or are they simply selling their own certificates? Are you asking about the private key? If so, you should already have that. The CA never sees your private key, nor should anyone else.
Other people are definitely allowed to charge money for help in obtaining or installing Let's Encrypt certificates. However, most of the tools for obtaining certificates don't charge money.
I have definitely heard about this tool before and I guess it's popular among Chinese-speaking users because it's available in Chinese, unlike some of the other methods of obtaining certificates. I could ask a Chinese-speaking colleague to look at it and give us an opinion about how useful it might be.
Let's Encrypt and ISRG are not affiliated with any of the tools or sites that help you to get certificates. The Let's Encrypt certificate authority has an open API allowing any software to request certificates.
There is a list of client implementations at
Unfortunately, most of them are not yet available in Chinese. One client that does have some official documentation in Chinese is acme.sh:
Whether this is useful to each user depends on his or her hosting environment (for example, acme.sh requires you to have shell access on your web server in order to use it in the most straightforward way, which some users have and some users don't have).
Maybe @ylbjudge can answer you as he advertised that service:
And, as you paid them for customers support, they should help you...
As @jared.m said,
If somebody generate a private key for you, it should be only somebody you trust, as they could keep a copy of that key.
thanks jared, will report to paypal first else all other innocent and desperate guys would be affected
I’m sorry for the inconvenience to you!
Using paypal payment is an offline payment method, Easy HTTPs order processing staff will confirm the payment received.
You can receive the confirm-email when the order is confirmed!
We are working in Beijing time, so the order processing staff to confirm your order not in time, I‘m very sorry!
Each order will checked in 24 hours!
- if the user not pay, the system can generate the private key for the first cert;
- if the user have paied and has some reset service, user can create private-key himself when create cert(User’s CSR)!
wow what a scam, if they don't have controll over your website or dns, they can't issue a cert via Lets Encrypt.
thanks to ylbjudge, jared and all, i download a zip file and viewing the certificate now…
the next thing is to install in hostgator…where i see a page as below and asking me to fill in the following
- SSL Certificate
- RSA private key
- SSL CA Certificate (Trusted Authority / “CA Bundle”)
where do i see all the above mentioned in the certificate…
apologise to all…for too many questions…thanks in advance
Some services help with the process, like https://zerossl.com/ requires the user to perform actions to confirm ownership and then helps carry out the issuance process.
While I don't like the model of having a third-party service generate the private key, there's nothing inappropriate, as far as I know, in terms of Let's Encrypt's terms of service with any external client or web-based tool helping users to obtain certificates. We've discussed this quite a bit in the past.
Lots of models of certificate generation can help different users, especially while not all hosting providers and web servers directly integrate Let's Encrypt. I hope every service will be extremely clear about what it does and doesn't do, and exactly what it's charging for if a fee is charged to the users.
First of all:
My colleague has checked in detail the certificate information you generated now, and your certificate chose ACMEv2 STAGING environment to generate,
As Easy HTTPs prompts you, it will not be trusted by any browser. So you need to regenerate a formal ACMEv1 certificate.
Of course, certificates for the ACMEv2 staging environment do not reduce the number of services you are servicing in Easy HTTPs, so you can create another ACMEv1 certificate that you can use to deploy to your production environment.
Generate a certificate using the following steps:
- Click “+ Create Certificate” in the “Certificate Manager” panel.
- According to your actual situation, select the domain name verification method, you have chosen DNS verification in front, so now you can use the default option.
- Use the ACMEv01 option by default.
- Select the domain name and click the drop down to select your domain name “YOURDOMAIN.com.sg”.
- Use “+ Add sub-domain” and “Sub sub-domain” to increase or decrease the second level domain name in the certificate.
Special Note: ACMEv02 certificate generated in front of you only YOURDOMAIN.com.sg, then www.YOURDOMAIN.com.sg will not be trusted.
So, you can click +/- to add or remove second-level domain names. Depending on the actual situation of your site, you need at least www and leave a blank domain name (as shown).
In addition, the domain name in the certificate, once created, can not be changed anymore.
This way, your generated certificate is ready for YOURDOMAIN.com.sg and www.YOURDOMAIN.com.sg.
6. Other options to keep the default, click “Create” to create.
7. Generate steps, please click the interface prompts (recommended according to the first interface to create the DNS Records and then generate, due to the New DNS Record takes some effective time, please wait for a while after the creation of the actual generation).
Special Note: Let’s Encrypt has some restrictions on domain name validation failures. If the error reaches the limit, please try again in about an hour.
Certificate download and use
Once generated, your certificate can be downloaded.
EasyHTTPs download ZIP package to provide you with the popular WEB server (Apache, IIS, nginx, tomcat, etc.) required to install SSL files, other servers can use the files in the “Others” directory.
Where YOURDOMAIN.com.sg.crt is the SSL certificate, YOURDOMAIN.com.sg.key is the KEY (RSA private key) generated for you by the system, and the KEY is your own if you have generated your own CSR. It does not appear in the package. File structure like follows:
Often, you have both of these files to install SSL, which you can get from Let’s Encrypt if you need a CA (generally optional, not sure if your host service system is required).
Website: https://letsencrypt.org/certificates/ (download Let’s Encrypt Authority X3 (IdenTrust cross-signed), open Notepad, Paste, save as letsca.crt)
Finally, about EasyHTTPs ACME Client
Like other ACME clients, EasyHTTPs uses dialogues to guide users interactively. Easy HTTPs -https://easy.zhetao.com/ never need to control their DNS and Web servers. Users do not need to provide any DNS accounts and passwords, There is no way to control the user’s DNS and WEB server, which is a user interaction process. Easy HTTPs core services lie in providing visual, browser-based ways and services to generate certificates step by step without the need to install any software. It’s not any scam like the @bfqTudaffO1LNwUSmNFf say. Of course, every challenge verification, CSR, private key, etc., can be selected by the user self-built or by EasyHTTPs automatically. So Easy HTTPs is an extremely flexible ACME certificate generation tool that guides you through the process of getting the SSL certificate to the user with virtually no extra software on the server.
About CSR and Private Key: Easy HTTPs provides all users with two choices. One is that users who have the ability to create CSR and KEY can create CSR and KEY by themselves. One is that there is no condition to create KEY and CSR can use Easy HTTPs instead, so that Easy HTTPs can give users some of the deployment recommendations as well as generate pfx certificate stores for IIS or Tomcat’s keystore.
In fact, it is not 100% safe for users to create KEY and CSR by themselves. For example, if users want to create pfx or keystore, they often choose online WEB tools, submit KEY and certificate to generate PFX and keystore, Third-party website published its own private key. Even, they generate KEY and CSR on third-party websites.
About Service Content: The service content and terms of service, order approval rules, opening rules and times are all very clearly described on the EasyHTTPs website. And we have a reminder on the user interface. For example, the question about @thambi , his order submitted at 23:43 BEIJING TIME, and the audit we conducted at 7:57 the next day is entirely in the normal service flow, but some users use it as an unnecessary extension. I think @thambi is necessary to explain.
Hi mr lawrence yang of easyhttp…one thousand thanks to you…my site is now showing https…
what many guys couldnt do and even hostgator not bothering, you made my day…even though i requested you to take a break, and when i gave up…you didnt. .guys all of you…thanks a lot…jared, ylbjudge and all…i have already told a few guys here about mr lawrence yang’s great dedication and problem solving skill and execution…thanks a lot