CINXE.COM
FAQ - Let's Encrypt
<!DOCTYPE html> <html dir="ltr" lang="en-US"> <head> <meta charset="utf-8" /> <meta name="viewport" content="width=device-width, initial-scale=1" /> <meta http-equiv="X-UA-Compatible" content="IE=edge" /> <title> FAQ - Let's Encrypt </title> <meta name="description" content="This FAQ is divided into the following sections: General Questions Technical Questions General Questions What services does Let&rsquo;s Encrypt offer? Let&rsquo;s Encrypt is a global Certificate Authority (CA). We let people and organizations around the world obtain, renew, and manage SSL/TLS certificates. Our certificates can be used by websites to enable secure HTTPS connections. Let&rsquo;s Encrypt offers Domain Validation (DV) certificates. We do not offer Organization Validation (OV) or Extended Validation (EV) primarily because we cannot automate issuance for those types of certificates." /> <meta property="og:image" content="https://letsencrypt.org/images/LetsEncrypt-SocialShare.png"> <meta property="og:type" content="website" /> <meta property="og:title" content="FAQ" /> <meta property="og:description" content="This FAQ is divided into the following sections: General Questions Technical Questions General Questions What services does Let&rsquo;s Encrypt offer? Let&rsquo;s Encrypt is a global Certificate Authority (CA). We let people and organizations around the world obtain, renew, and manage SSL/TLS certificates. Our certificates can be used by websites to enable secure HTTPS connections. Let&rsquo;s Encrypt offers Domain Validation (DV) certificates. We do not offer Organization Validation (OV) or Extended Validation (EV) primarily because we cannot automate issuance for those types of certificates." /> <meta property="og:url" content="https://letsencrypt.org/docs/faq/" /> <script async src="https://www.googletagmanager.com/gtag/js?id=G-XEJKGKMHBK" ></script> <script> window.dataLayer = window.dataLayer || []; function gtag() { dataLayer.push(arguments); } gtag("js", new Date()); gtag("config", "G-XEJKGKMHBK"); </script> <link rel="stylesheet" href="/css/main.min.ebf51d2e6d31540d1bf650c82f0fb84cc3cf5ed3390522b9def0acc57f3ff5d9cdc50c898cfd856e4a2523fd7d1a54b2fd4d0a7694ab7ca2b8ae2da8c0dc02db.css" integrity="sha512-6/UdLm0xVA0b9lDILw+4TMPPXtM5BSK53vCsxX8/9dnNxQyJjP2FbkolI/19GlSy/U0KdpSrfKK4ri2owNwC2w==" /> <link rel="stylesheet" href="/fontawesome-free-6.5.2-web/css/all.min.css" /> <link rel="canonical" href="/docs/faq/" /> <link rel="alternate" href="/feed.xml" type="application/rss+xml" title="Let's Encrypt Blog Feed" /> </head> <body> <header class="site-header"> <a id="skiplink" href="#main-content">Skip navigation links</a> <div class="wrapper"> <a class="site-title" href="/"><img src="/images/letsencrypt-logo-horizontal.svg" alt="Let's Encrypt"></a> <span id="menuIcon"> <i class="fas fa-bars"></i> </span> <nav class="site-nav" id="menu"> <div class="pure-menu pure-menu-horizontal custom-can-transform"> <ul class="pure-menu-list"> <li class="pure-menu-item"> <a href="/docs/" class="pure-menu-link" tabindex="0">Documentation</a> </li> <li class="pure-menu-item"> <a href="https://community.letsencrypt.org/" class="pure-menu-link" tabindex="0">Get Help</a> </li> <li class="pure-menu-item pure-menu-has-children"> <a href="#" class="pure-menu-link" tabindex="0">Donate</a> <ul class="pure-menu-children"> <li class="pure-menu-item"> <a href="https://www.abetterinternet.org/sponsor/" class="pure-menu-link">Become a Sponsor</a> </li> <li class="pure-menu-item"> <a href="/sponsors/" class="pure-menu-link">Current Sponsors and Funders</a> </li> <li class="pure-menu-item"> <a href="/getinvolved/" class="pure-menu-link">Get Involved</a> </li> <li class="pure-menu-item"> <a href="/donate/" class="pure-menu-link">Donate</a> </li> </ul> </li> <li class="pure-menu-item pure-menu-has-children"> <a href="#" class="pure-menu-link" tabindex="0">About Us</a> <ul class="pure-menu-children"> <li class="pure-menu-item"> <a href="/about/" class="pure-menu-link">Let's Encrypt</a> </li> <li class="pure-menu-item"> <a href="https://www.abetterinternet.org/about/" class="pure-menu-link">Internet Security Research Group (ISRG)</a> </li> <li class="pure-menu-item"> <a href="/docs/faq/" class="pure-menu-link">Frequently Asked Questions (FAQ)</a> </li> <li class="pure-menu-item"> <a href="/2023/07/10/cross-sign-expiration/" class="pure-menu-link">Shortening the Let's Encrypt Chain of Trust</a> </li> <li class="pure-menu-item"> <a href="/repository/" class="pure-menu-link">Policy and Legal Repository</a> </li> <li class="pure-menu-item"> <a href="https://letsencrypt.status.io/" class="pure-menu-link">Service Status</a> </li> <li class="pure-menu-item"> <a href="/stats/" class="pure-menu-link">Statistics</a> </li> <li class="pure-menu-item"> <a href="https://www.abetterinternet.org/careers/" class="pure-menu-link">Careers</a> </li> <li class="pure-menu-item"> <a href="/contact/" class="pure-menu-link">Contact</a> </li> <li class="pure-menu-item"> <a href="/blog/" class="pure-menu-link">Blog</a> </li> </ul> </li> <li class="pure-menu-item pure-menu-has-children"> <a href="#" class="pure-menu-link" tabindex="0">Languages <img src="/images/language-icon128px-black.png" class="inline-icon" alt="" aria-hidden="true"></a> <ul class="pure-menu-children menu-for-languages"> <li class="pure-menu-item"> <a href="/docs/faq/" lang="" hreflang="" class="pure-menu-link">✓ English</a> </li> <li class="pure-menu-item"> <a href="/ca/docs/faq/" lang="" hreflang="" class="pure-menu-link">Català</a> </li> <li class="pure-menu-item"> <a href="/cs/docs/faq/" lang="" hreflang="" class="pure-menu-link">Čeština</a> </li> <li class="pure-menu-item"> <a href="/da/docs/faq/" lang="" hreflang="" class="pure-menu-link">Dansk</a> </li> <li class="pure-menu-item"> <a href="/de/docs/faq/" lang="" hreflang="" class="pure-menu-link">Deutsch</a> </li> <li class="pure-menu-item"> <a href="/el/docs/faq/" lang="" hreflang="" class="pure-menu-link">Greek</a> </li> <li class="pure-menu-item"> <a href="/es/docs/faq/" lang="" hreflang="" class="pure-menu-link">Español</a> </li> <li class="pure-menu-item"> <a href="/fi/docs/faq/" lang="" hreflang="" class="pure-menu-link">Suomi</a> </li> <li class="pure-menu-item"> <a href="/fr/docs/faq/" lang="" hreflang="" class="pure-menu-link">Français</a> </li> <li class="pure-menu-item"> <a href="/he/docs/faq/" lang="" hreflang="" class="pure-menu-link">עברית</a> </li> <li class="pure-menu-item"> <a href="/hu/docs/faq/" lang="" hreflang="" class="pure-menu-link">Hungarian</a> </li> <li class="pure-menu-item"> <a href="/id/docs/faq/" lang="" hreflang="" class="pure-menu-link">Bahasa Indonesia</a> </li> <li class="pure-menu-item"> <a href="/it/docs/faq/" lang="" hreflang="" class="pure-menu-link">Italiano</a> </li> <li class="pure-menu-item"> <a href="/ja/docs/faq/" lang="" hreflang="" class="pure-menu-link">日本語</a> </li> <li class="pure-menu-item"> <a href="/ko/docs/faq/" lang="" hreflang="" class="pure-menu-link">한국어</a> </li> <li class="pure-menu-item"> <a href="/pl/docs/faq/" lang="" hreflang="" class="pure-menu-link">Polish</a> </li> <li class="pure-menu-item"> <a href="/pt-br/docs/faq/" lang="" hreflang="" class="pure-menu-link">Português do Brasil</a> </li> <li class="pure-menu-item"> <a href="/ru/docs/faq/" lang="" hreflang="" class="pure-menu-link">Русский</a> </li> <li class="pure-menu-item"> <a href="/si/docs/faq/" lang="" hreflang="" class="pure-menu-link">සිංහල</a> </li> <li class="pure-menu-item"> <a href="/sr/docs/faq/" lang="" hreflang="" class="pure-menu-link">Srpski</a> </li> <li class="pure-menu-item"> <a href="/sv/docs/faq/" lang="" hreflang="" class="pure-menu-link">Svenska</a> </li> <li class="pure-menu-item"> <a href="/ta/docs/faq/" lang="" hreflang="" class="pure-menu-link">Tamil</a> </li> <li class="pure-menu-item"> <a href="/th/docs/faq/" lang="" hreflang="" class="pure-menu-link">Thai</a> </li> <li class="pure-menu-item"> <a href="/tr/docs/faq/" lang="" hreflang="" class="pure-menu-link">Türkçe</a> </li> <li class="pure-menu-item"> <a href="/uk/docs/faq/" lang="" hreflang="" class="pure-menu-link">Українська</a> </li> <li class="pure-menu-item"> <a href="/vi/docs/faq/" lang="" hreflang="" class="pure-menu-link">Tiếng Việt</a> </li> <li class="pure-menu-item"> <a href="/zh-cn/docs/faq/" lang="" hreflang="" class="pure-menu-link">简体中文</a> </li> <li class="pure-menu-item"> <a href="/zh-tw/docs/faq/" lang="" hreflang="" class="pure-menu-link">繁體中文</a> </li> </ul> </li> </ul> </div> </nav> </div> </header> <div id="main-content"></div> <div class="hero slim" style="background-image: url('/images/hero.jpg')"> <div class="container"> <h1>FAQ</h1> </div> </div> <div class="page-content"> <div class="wrapper"> <p data-langswitch="" style="display:none"> <a lang="" hreflang="" href="/da/docs/faq/"> Se på Dansk </a> </p> <p data-langswitch="" style="display:none"> <a lang="" hreflang="" href="/de/docs/faq/"> Auf Deutsch ansehen </a> </p> <p data-langswitch="" style="display:none"> <a lang="" hreflang="" href="/es/docs/faq/"> Ver en español </a> </p> <p data-langswitch="" style="display:none"> <a lang="" hreflang="" href="/fr/docs/faq/"> Voir en Français </a> </p> <p data-langswitch="" style="display:none"> <a lang="" hreflang="" href="/he/docs/faq/"> לעבור לעברית </a> </p> <p data-langswitch="" style="display:none"> <a lang="" hreflang="" href="/hu/docs/faq/"> Megtekintés magyar nyelven </a> </p> <p data-langswitch="" style="display:none"> <a lang="" hreflang="" href="/ja/docs/faq/"> 日本語で表示する </a> </p> <p data-langswitch="" style="display:none"> <a lang="" hreflang="" href="/ko/docs/faq/"> 한국어로 보기 </a> </p> <p data-langswitch="" style="display:none"> <a lang="" hreflang="" href="/pt-br/docs/faq/"> Ver em Português (do brasil) </a> </p> <p data-langswitch="" style="display:none"> <a lang="" hreflang="" href="/ru/docs/faq/"> Просмотреть на русском </a> </p> <p data-langswitch="" style="display:none"> <a lang="" hreflang="" href="/si/docs/faq/"> සිංහලෙන් දකින්න </a> </p> <p data-langswitch="" style="display:none"> <a lang="" hreflang="" href="/sv/docs/faq/"> Visa på svenska </a> </p> <p data-langswitch="" style="display:none"> <a lang="" hreflang="" href="/uk/docs/faq/"> Переглянути українською </a> </p> <p data-langswitch="" style="display:none"> <a lang="" hreflang="" href="/zh-cn/docs/faq/"> 阅读简体中文页面 </a> </p> <p data-langswitch="" style="display:none"> <a lang="" hreflang="" href="/zh-tw/docs/faq/"> 使用正體中文閲讀本網頁。 </a> </p> <script src="/js/i18n.js" defer async></script> <p> Last updated: <time datetime="2024-06-26">Jun 26, 2024</time> | <a href="/docs">See all Documentation</a> </p> <p>This FAQ is divided into the following sections:</p> <ul> <li><a href="#general">General Questions</a></li> <li><a href="#technical">Technical Questions</a></li> </ul> <h1 id="a-id-general-general-questions-a"><a id="general">General Questions</a></h1> <h2 id="what-services-does-let-s-encrypt-offer">What services does Let’s Encrypt offer?</h2> <p>Let’s Encrypt is a global Certificate Authority (CA). We let people and organizations around the world obtain, renew, and manage SSL/TLS certificates. Our certificates can be used by websites to enable secure HTTPS connections.</p> <p>Let’s Encrypt offers Domain Validation (DV) certificates. We do not offer Organization Validation (OV) or Extended Validation (EV) primarily because we cannot automate issuance for those types of certificates.</p> <p>To get started using Let’s Encrypt, please visit our <a href="/getting-started/" hreflang="">Getting Started</a> page.</p> <h2 id="what-does-it-cost-to-use-let-s-encrypt-is-it-really-free">What does it cost to use Let’s Encrypt? Is it really free?</h2> <p>We do not charge a fee for our certificates. Let’s Encrypt is a nonprofit, our mission is to create a more secure and privacy-respecting Web by promoting the widespread adoption of HTTPS. Our services are free and easy to use so that every website can deploy HTTPS.</p> <p>We require support from generous sponsors, grantmakers, and individuals in order to provide our services for free across the globe. If you’re interested in supporting us please consider <a href="/donate/" hreflang="">donating</a> or <a href="https://www.abetterinternet.org/sponsor">becoming a sponsor</a>.</p> <p>In some cases, integrators (e.g. hosting providers) will charge a nominal fee that reflects the administrative and management costs they incur to provide Let’s Encrypt certificates.</p> <h2 id="what-kind-of-support-do-you-offer">What kind of support do you offer?</h2> <p>Let’s Encrypt is run by a small team and relies on automation to keep costs down. That being the case, we are not able to offer direct support to our subscribers. We do have some great support options though:</p> <ol> <li>We have really helpful <a href="/docs/" hreflang="">documentation</a>.</li> <li>We have very active and helpful <a href="https://community.letsencrypt.org/">community support forums</a>. Members of our community do a great job of answering questions, and many of the most common questions have already been answered.</li> </ol> <p>Here’s a <a href="https://www.youtube.com/watch?v=Xe1TZaElTAs">video we like</a> about the power of great community support.</p> <h2 id="a-website-using-let-s-encrypt-is-engaged-in-phishing-malware-scam-what-should-i-do">A website using Let’s Encrypt is engaged in Phishing/Malware/Scam/… , what should I do?</h2> <p>We recommend reporting such sites to Google Safe Browsing and the Microsoft Smart Screen program, which are able to more effectively protect users. Here are the reporting URLs:</p> <ul> <li><a href="https://safebrowsing.google.com/safebrowsing/report_badware/">https://safebrowsing.google.com/safebrowsing/report_badware/</a></li> <li><a href="https://www.microsoft.com/en-us/wdsi/support/report-unsafe-site-guest">https://www.microsoft.com/en-us/wdsi/support/report-unsafe-site-guest</a></li> </ul> <p>If you’d like to read more about our policies and rationale, you can do so here:</p> <p><a href="https://letsencrypt.org/2015/10/29/phishing-and-malware.html">https://letsencrypt.org/2015/10/29/phishing-and-malware.html</a></p> <h1 id="a-id-technical-technical-questions-a"><a id="technical">Technical Questions</a></h1> <h2 id="are-certificates-from-let-s-encrypt-trusted-by-my-browser">Are certificates from Let’s Encrypt trusted by my browser?</h2> <p>For most browsers and operating systems, yes. See the <a href="/docs/certificate-compatibility/" hreflang="">compatibility list</a> for more detail.</p> <h2 id="does-let-s-encrypt-issue-certificates-for-anything-other-than-ssl-tls-for-websites">Does Let’s Encrypt issue certificates for anything other than SSL/TLS for websites?</h2> <p>Let’s Encrypt certificates are standard Domain Validation certificates, so you can use them for any server that uses a domain name, like web servers, mail servers, FTP servers, and many more.</p> <p>Email encryption and code signing require a different type of certificate that Let’s Encrypt does not issue.</p> <h2 id="does-let-s-encrypt-generate-or-store-the-private-keys-for-my-certificates-on-let-s-encrypt-s-servers">Does Let’s Encrypt generate or store the private keys for my certificates on Let’s Encrypt’s servers?</h2> <p>No. Never.</p> <p>The private key is always generated and managed on your own servers, not by the Let’s Encrypt certificate authority.</p> <h2 id="what-is-the-lifetime-for-let-s-encrypt-certificates-for-how-long-are-they-valid">What is the lifetime for Let’s Encrypt certificates? For how long are they valid?</h2> <p>Our certificates are valid for 90 days. You can read about why <a href="/2015/11/09/why-90-days.html">here</a>.</p> <p>There is no way to adjust this, there are no exceptions. We recommend automatically renewing your certificates every 60 days.</p> <h2 id="will-let-s-encrypt-issue-organization-validation-ov-or-extended-validation-ev-certificates">Will Let’s Encrypt issue Organization Validation (OV) or Extended Validation (EV) certificates?</h2> <p>We have no plans to issue OV or EV certificates.</p> <h2 id="can-i-get-a-certificate-for-multiple-domain-names-san-certificates-or-ucc-certificates">Can I get a certificate for multiple domain names (SAN certificates or UCC certificates)?</h2> <p>Yes, the same certificate can contain several different names using the Subject Alternative Name (SAN) mechanism.</p> <h2 id="does-let-s-encrypt-issue-wildcard-certificates">Does Let’s Encrypt issue wildcard certificates?</h2> <p>Yes. Wildcard issuance must be done via ACMEv2 using the <a href="/docs/challenge-types/#dns-01-challenge">DNS-01 challenge</a>. See <a href="https://community.letsencrypt.org/t/acme-v2-production-environment-wildcards/55578">this post</a> for more technical information.</p> <h2 id="is-there-a-let-s-encrypt-acme-client-for-my-operating-system">Is there a Let’s Encrypt (ACME) client for my operating system?</h2> <p>There are a large number of <a href="/docs/client-options/" hreflang="">ACME clients</a> available. Chances are something works well on your operating system. We recommend starting with <a href="https://certbot.eff.org/">Certbot</a>.</p> <h2 id="can-i-use-an-existing-private-key-or-certificate-signing-request-csr">Can I use an existing private key or Certificate Signing Request (CSR)?</h2> <p>Yes, but not all clients support this feature. <a href="https://certbot.eff.org/">Certbot</a> does.</p> <h2 id="i-requested-a-certificate-and-now-my-domain-is-receiving-a-lot-of-traffic-why-is-this-happening">I requested a certificate and now my domain is receiving a lot of traffic! Why is this happening?</h2> <p>This is normal and anticipated. During the <a href="/how-it-works/" hreflang="">certificate issuance process</a>, Let’s Encrypt will validate control of your domain from <a href="/2020/02/19/multi-perspective-validation">multiple network perspectives</a>. After successful validation, your certificate will be submitted to numerous <a href="/docs/ct-logs/" hreflang="">Certificate Transparency (CT) logs</a>. See <a href="https://certificate.transparency.dev/howctworks/#pki">here</a> for more details about why this is necessary. Shortly after the certificate is submitted to CT, automated CT crawling bots will be able to discover your domain, attempt to access it, and generate further traffic in your webserver logs.</p> <h2 id="what-ip-addresses-does-let-s-encrypt-use-to-validate-my-web-server">What IP addresses does Let’s Encrypt use to validate my web server?</h2> <p>We don’t publish a list of IP addresses we use to validate, and these IP addresses may change at any time. Note that we now <a href="/2020/02/19/multi-perspective-validation.html">validate from multiple IP addresses</a>.</p> <h2 id="i-successfully-renewed-a-certificate-but-validation-didn-t-happen-this-time-how-is-that-possible">I successfully renewed a certificate but validation didn’t happen this time - how is that possible?</h2> <p>Once you successfully complete the challenges for a domain, the resulting authorization is cached for your account to use again later. Cached authorizations last for 30 days from the time of validation. If the certificate you requested has all of the necessary authorizations cached then validation will not happen again until the relevant cached authorizations expire.</p> <h2 id="why-should-my-let-s-encrypt-acme-client-run-at-a-random-time">Why should my Let’s Encrypt (ACME) client run at a random time?</h2> <p>We ask that <a href="https://letsencrypt.org/docs/integration-guide/#when-to-renew">ACME clients perform routine renewals at random times</a> to avoid spikes in traffic at set times of the day, such as exactly midnight UTC, or the first second of each hour or minute. When the service is too busy, clients will be asked to <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/503">try again later</a>, so randomizing renewal times can help avoid unnecessary retries.</p> <h2 id="where-can-i-learn-more-about-tls-ssl-and-pki-in-general">Where can I learn more about TLS/SSL and PKI in general?</h2> <p>Longtime security researcher and practitioner, Ivan Ristić, published a configuration guide that provides useful information about what you should consider as you <a href="https://www.feistyduck.com/library/bulletproof-tls-guide/online/" target="_blank" rel="noopener noreferer">set up your TLS configuration</a>.</p> <p>For more extensive background and greater detail, we recommend <a href="https://www.feistyduck.com/books/bulletproof-tls-and-pki/" target="_blank" rel="noopener noreferer">Bulletproof TLS and PKI</a>, also written by Ristić.</p> </div> </div> <footer class="site-footer"> <div class="wrapper"> <div class="footer-col-wrapper"> <div class="footer-col footer-col-2"> <p>Let's Encrypt is a free, automated, and open certificate authority brought to you by the nonprofit <a href="https://www.abetterinternet.org/">Internet Security Research Group (ISRG)</a>. Read all about our nonprofit work this year in our <a href="https://www.abetterinternet.org/annual-reports/">2023 Annual Report</a>. </p> <p> <span itemscope itemtype="http://schema.org/PostalAddress"> <span itemprop="streetAddress">548 Market St, PMB 77519</span>, <span itemprop="addressLocality">San Francisco</span>, <span itemprop="addressRegion">CA</span> <span itemprop="postalCode">94104-5401</span>, <span itemprop="addressCountry">USA</span> </span> </p> <p>Send all mail or inquiries to:</p> <p> <span itemscope itemtype="http://schema.org/PostalAddress"> <span itemprop="streetAddress">PO Box 18666</span>, <span itemprop="addressLocality">Minneapolis</span>, <span itemprop="addressRegion">MN</span> <span itemprop="postalCode">55418-0666</span>, <span itemprop="addressCountry">USA</span> </span> </p> </div> <div class="footer-col footer-col-1"> <ul class="social-media-list"> <li> <a href="https://github.com/letsencrypt"> <i class="fab fa-github" aria-hidden="true"></i> <span class="username">GitHub</span> </a> </li> <li> <a href="https://www.linkedin.com/company/lets-encrypt/"> <i class="fab fa-brands fa-linkedin-in" aria-hidden="true"></i> <span class="username">LinkedIn</span> </a> </li> <li> <a rel="me" href="https://infosec.exchange/@letsencrypt"> <i class="fab fa-mastodon" aria-hidden="true"></i> <span class="username">Mastodon</span> </a> </li> </ul> View our <a href="/privacy/">privacy policy</a>.<br> View our <a href="https://www.abetterinternet.org/trademarks">trademark policy</a>. </div> <div class="footer-col footer-newsletter-col footer-col-3"> <h6>Subscribe for email updates about Let's Encrypt and other ISRG projects</h6> <iframe src="https://outreach.abetterinternet.org/l/1011011/2023-02-16/6l51" height="200" style="width: 100%; border: 0"></iframe> <div class="footer-copyright"> <a href="https://abetterinternet.org">© 2024 Internet Security Research Group</a> </div> </div> </div> </div> </footer> <script src="/js/main.9c0b9add2dc0db21de0f695103830dbde01e31d77fa9a2db9ac3c1b9e09e4806f2e0d9a7281b06461b2e162a3560c605b038169b42ff376b4cd28cc71203c8f0.js" integrity="sha512-nAua3S3A2yHeD2lRA4MNveAeMdd/qaLbmsPBueCeSAby4NmnKBsGRhsuFio1YMYFsDgWm0L/N2tM0ozHEgPI8A=="></script> </body> </html>