Skip to main content
Apply for Free SSL Certificates

Free SSL certificates in CertOne are issued by Let's Encrypt, and professional SSL certificates are issued by Sectigo (formerly Comodo).

Let's Encrypt uses the ACME protocol to automatically verify your control over specified domains and issue certificates to you. The ACME protocol requires you to prove your control over the domain, generally in two ways: You manually add specified TXT resolution records to your domain resolution, which requires manual operation each time you renew and cannot achieve automated renewal and deployment; or use an automated method, which requires you to provide API interface authorization from your DNS domain resolution service provider, enabling automated renewal and deployment, which is also the method advocated by the Let's Encrypt organization. CertOne aims to achieve comprehensive automation of certificate renewal and deployment, so only automated methods are provided, but three methods are provided to prove domain control:

  • DNS Authorization Verification Mode: Requires users to provide API interface authorization from DNS domain resolution service providers
  • DNS Authorization-Free Verification Mode: No need for users to provide API interface authorization from DNS domain resolution service providers, just add the specified CNAME record to domain resolution as prompted
  • HTTP Verification Mode: No need for users to provide API interface authorization from DNS domain resolution service providers, just configure server settings as prompted

Step 1: Create DNS Authorization (Skip this step if using DNS authorization-free mode)

Currently, we support API interface authorization verification for the following domain resolution service providers: Alibaba Cloud, AWS, GoDaddy, DnsPod.cn (Tencent Cloud), Cloudflare, Huawei Cloud, Baidu Intelligent Cloud. If your domain resolution service provider is not on this list, we recommend migrating your domain resolution service to one of them. We will continue to work hard to support more DNS domain resolution service providers. Thank you for your support.

After your DNS domain resolution service provider is one of those mentioned above, you need to create the corresponding API interface authorization. For how to create API interface authorization in DNS domain resolution service provider systems, please refer to the following documentation:

After creating API interface authorization in your DNS domain resolution service provider, return to CertOne to add DNS authorization.

  1. Click the [DNS Authorization] menu on the left to open the DNS authorization management interface
  2. Click the [Add Authorization] button in the DNS authorization management interface to open the add authorization interface
  3. Select your DNS domain resolution service provider and fill in the API interface authorization parameters you just created
  4. Click the [Add Authorization] button to complete DNS authorization addition

The created DNS authorization will be used in the next step [Create Certificate]. If you have multiple domains with the same DNS domain resolution service provider, you only need to create one authorization and do not need to create duplicates. You can also name, search, delete, and modify DNS authorizations in the CertOne DNS authorization management interface.

Step 2: Create HTTPS Certificate

Steps to create a certificate when selecting DNS authorization-free mode:

  1. Click the [Certificate] menu on the left to open the certificate management interface
  2. Click the [Create Certificate] button in the certificate management interface to open the create certificate interface
  3. Select [DNS Authorization-Free Mode]
  4. Select the certificate type you want to create. Certificate types are divided into: single domain, multi-domain, and wildcard domain
  5. In the domain input box below the certificate type, enter the domain for which you want to issue a certificate
  6. Follow the prompts below the domain and add the relevant CNAME resolution record to your domain resolution
  7. Click Verify Resolution Record to notify Let's Encrypt to verify control of the domain you entered. The authorization verification process will take 1-2 minutes, please wait patiently.
  8. After verification passes, click Create Certificate to complete creation. The certificate creation process will take 3-10 minutes, please wait patiently.

Steps to create a certificate when selecting DNS authorization mode:

  1. Click the [Certificate] menu on the left to open the certificate management interface
  2. Click the [Create Certificate] button in the certificate management interface to open the create certificate interface
  3. Select [DNS Authorization Mode]
  4. Select the certificate type you want to create. Certificate types are divided into: single domain, multi-domain, and wildcard domain
  5. In the domain input box below the certificate type, enter the domain for which you want to issue a certificate
  6. Select your DNS domain resolution service provider and select the corresponding DNS authorization
  7. Click Authorization Verification to notify Let's Encrypt to verify control of the domain you entered. The authorization verification process will take 1-2 minutes, please wait patiently.
  8. After verification passes, click Create Certificate to complete creation. If verification fails, it may be because your DNS authorization parameters were entered incorrectly. Please re-enter and try again. The certificate creation process will take 3-10 minutes, please wait patiently.

After certificate creation is complete, you can click the certificate to view details. The certificate details page displays the certificate renewal version records and deployment records. Once a certificate is created, the first renewal record will be generated. Click the corresponding renewal record to view the detailed certificate content, including: cert.key (PEM format), cert.cer (PEM format), fullchain.cer (PEM format). You can also name, search, delete, and configure certificates in the certificate management interface.

Step 3: Create Deployment Node

If you need to deploy certificates to Alibaba Cloud, Tencent Cloud, Qiniu Cloud, Doge Cloud, Baota Panel's load balancers, certificate lists or CDN, or NGINX, HTTPD, OPENRESTY containers, as well as Webhook, SSH, API, Synology NAS, etc., you need to add deployment nodes in the deployment node management interface.
Before adding non-container deployment nodes, you need to first create the corresponding API interface authorization in the cloud service provider. For how to create the corresponding API interface authorization in cloud service providers, please refer to the following documentation:

  1. Documentation - Deployment Node - SSH - SSH
  2. Documentation - Deployment Node - Webhook - WEBHOOK
  3. Documentation - Deployment Node - API - API
  4. Documentation - Deployment Node - Synology - NAS

After creating API interface authorization in the cloud service provider, return to CertOne to add deployment nodes.

  1. Click the [Deployment Node] menu on the left to open the deployment node management interface
  2. Click the [Add Node] button in the deployment node management interface to open the add node interface
  3. Select the cloud service provider you want to deploy to: Alibaba Cloud, Tencent Cloud, Qiniu Cloud, Baota Panel
  4. Select the specific location where you want to deploy certificates to the cloud service provider: Load Balancer (Alibaba Cloud SLB and ALB, Tencent Cloud CLB), CDN, SSL
  5. Fill in the API interface authorization parameters you created in the cloud service provider
  6. Click the [Next] button to enter the associate certificate interface, where you can select certificates that need to be deployed to this node
  7. Click the [Create Deployment Node] button to complete deployment node creation

For deployment nodes with SSL as the deployment location, multiple certificates can be deployed to this type of node simultaneously without overwriting each other; for deployment nodes with load balancer or CDN as the deployment location, only a single certificate can be deployed to this type of node. If multiple certificates are configured, they will overwrite each other.

If you need to deploy certificates to Docker containers, you do not need to create API interface authorization, just add directly.

  1. Click the [Deployment Node] menu on the left to open the deployment node management interface
  2. Click the [Add Node] button in the deployment node management interface to open the add node interface
  3. Select the deployment type you want: Docker
  4. Select the container type you want to deploy certificates to: NGINX, HTTPD, OPENRESTY
  5. Click the [Click to Generate] token button to generate a token
  6. Click the [Next] button to enter the associate certificate interface, where you can select certificates that need to be deployed to this node
  7. Click the [Create Deployment Node] button to complete deployment node creation

Currently, Docker container types support NGINX, HTTPD, OPENRESTY, and custom. If you need to deploy to other container types, please contact us via email. We will continue to work hard to support more container types. Thank you for your support. If your certificates need to be deployed to containers and the same image starts multiple containers, you only need to create one deployment node. Multiple certificates can be used simultaneously in one container. Since the latest version of associated certificates will be pulled before container startup, please complete certificate creation and certificate deployment node configuration before starting the container. For how to use Docker type deployment nodes, please refer to the following documentation:

  1. Documentation - Deployment Node - Docker - NGINX
  2. Documentation - Deployment Node - Docker - HTTPD
  3. Documentation - Deployment Node - Docker - OPENRESTY
  4. Documentation - Deployment Node - Docker - Custom
Step 4: Configure Certificate

In the certificate management interface, click the [Configure] button to configure the certificate. You can configure whether to automatically notify before expiration, automatically renew before expiration, automatically deploy after renewal, deployment nodes, etc.

Step 5: Monitor Certificate

Certificate monitoring service is used to monitor the validity period of SSL certificates used by domain sites. Even certificates not applied from CertOne can be monitored. The certificate monitoring service will send you a certificate expiration reminder email 20 days before certificate expiration, reminding you to update the SSL certificates used by the site in time.

1
CertOne
Automated SSL for every domain
Get Free SSL Certificate
TRUSTED AUTOMATED CERT MANAGEMENT
Issue, renew, and deploy SSL in one click.
Zero-touch certificate lifecycle across all your clouds, CDNs, and clusters.
LetsEncrypt · Sectigo
Auto deploy to Nginx · CDN · Kubernetes · Docker · Synology