Let's Encrypt Certificates

Discover our Public Cloud offer

Shared Hosting for Everyone, imagined by developers, for developers.

Discovering the Public Cloud

Let’s Encrypt is a certification authority that proposes a simple way to generate free certificates. The certificates offered are Domain Validation type ones, valid for 90 days.

To avoid duplicates, alwaysdata enables the generation of Let’s Encrypt certificates only for wildcard certificats.

.alwaysdata.net addresses are handled by the *.alwaysdata.net wildcard certificate returned by default by the servers.

Automatically generated certificates

alwaysdata automatically generates and renews a Let’s Encrypt certificate for every address pointing to our servers and it is added in the Web > Sites section. Hence, every site hosted on its servers handles HTTPS protocol.

You can view them in the Advanced > SSL certificates > Automatically generated certificates section:

Administration interface: automatically generated certificates
Administration interface: automatically generated certificates

Certificate generation is limited to 64 characters per complete address.

Troubleshooting

Certificate not created

The creation of these certificates is dependent on DNS propagation: the address must point to alwaysdata servers. Once the address is added in Web > Sites, the system will attempt to generate its certificate every 30 minutes for 24 hours. This will then change to once a day.

As a result, our system will not be able to generate Let’s Encrypt certificates for addresses using a proxy from a third-party company in front of our servers.

People who add the addresses before changing the DNS records can, after making the changes with their DNS provider, restart the autogeneration by deleting the addresses from the site in Web > Sites and putting them back a few seconds later. WARNING this action is to be done only once, too many attempts can block the process and the certificate generation for a week. Contact support if the first attempt is unsuccessful.

DNSSEC

As our servers do not support DNSSEC, its activation with the registrar will block the generation of Let’s Encrypt certificates.

Wildcard certificates

When a domain use our DNS servers, it is possible to generate a Let’s Encrypt wildcard certificate - *.example.org structure - in Advanced > SSL certificates > Add a SSL certificate > Create a Let’s Encrypt wildcard certificate. This certificate will be automatically renewed by the system.

These wildcard certificates are not valid for “naked” domains - example.org.