Are certificates from Let’s Encrypt trusted by my browser?
For most browsers and operating systems, yes. See the compatibility list for more detail.
When can I get a certificate from Let’s Encrypt?
Today! Visit this page to get started.
Will Let’s Encrypt issue certificates for anything other than SSL/TLS for websites?
Let’s Encrypt certificates will be standard Domain Validation certificates, so you can use them for any server that uses a domain name, like web servers.
Can I use certificates from Let’s Encrypt for code signing or email encryption?
No. Email encryption and code signing require a different type of certificate than Let’s Encrypt will be issuing.
Will Let’s Encrypt generate or store the private keys for my certificates on Let’s Encrypt’s servers?
The private key is always generated and managed on your own servers, not by the Let’s Encrypt certificate authority.
Will Let’s Encrypt issue Extended Validation (EV) or Organization Validation (OV) certificates?
Let’s Encrypt has no plans to issue EV or OV certificates at this time.
Can I get a certificate for multiple domain names (SAN certificates)?
Yes, the same certificate can apply to up to 100 different names using the Subject Alternative Name (SAN) mechanism. The resulting certificates will be accepted by browsers for any of the domain names listed in them.
Will Let’s Encrypt issue wildcard certificates?
We currently have no plans to do so, but it is a possibility in the future. Hopefully wildcards aren’t necessary for the vast majority of our potential subscribers because it should be easy to get and manage certificates for all subdomains.
Is there a Let’s Encrypt (ACME) client for my operating system?
There are a large number of client implementations available. Chances are something works well on your operating system. We recommend starting with Certbot.
Can I use an existing private key or Certificate Signing Request (CSR)?
Yes, but not all clients support this feature. Certbot does.
What are the current rate limits?
See this page.
Can I delete certificates to reset the rate limit for my domain?
No, deleting or revoking already issued certificates won’t reset the rate limit.
What IP addresses will Let’s Encrypt use to validate my web server?
We don’t publish a list of IP addresses we use to validate, because they may change at any time. In the future we may validate from multiple IP addresses at once.
Can I issue a certificate if my web server doesn’t listen on port 80?
Yes, using the
TLS-SNI-01 challenge, for example with Certbot’s apache or standalone plugin. In order to solve a
HTTP-01 challenge, your web server must listen on port 80.
Can I issue a certificate without exposing any ports?
Yes, using the
DNS-01 challenge. With Certbot, you can use this challenge using the manual plugin. Automation is possible via
I’m on a shared hosting plan. Can I use Let’s Encrypt?
The easiest solution would be for your web host to provide a one-click integration with Let’s Encrypt through their control panel. The community maintains a list of web hosting providers with Let’s Encrypt support.
If your web host doesn’t integrate with Let’s Encrypt directly, but supports uploading your own certificate and key, you might be able to use Let’s Encrypt. The client has a manual mode which should work in typical shared hosting environments. Note that you’ll have to renew your certificate manually every 3 months.