Order Free 90-Day SSL/TLS Certificates with ACME

You can use the ACME protocol to order free 90-day DV SSL/TLS certificates from SSL.com. These certificates include one domain, plus optionally the www subdomain.

If You Already Have an SSL.com Account

Free 90-day DV certificates are issued automatically if your SSL.com does not have sufficient available funds to cover a one-year certificate when you request a certificate with ACME. If you already have an SSL.com customer account, you can check your available funds and then follow the instructions in these SSL.com support articles:


If You Do Not Have an SSL.com Account

An SSL.com customer account is required to order free certificates from SSL.com with ACME. Please read our signup guide for full instructions on creating your account in our user portal. You can also create a new account simply by executing a Certbot command with no EAB credentials. Replace YOUR_EMAIL_ADDRESS and YOUR_DOMAIN in the command below with your actual information:

sudo certbot certonly --manual --server https://acme.ssl.com/sslcom-dv-rsa  --config-dir /etc/ssl-com --logs-dir /var/log/ssl-com --email=YOUR_EMAIL_ADDRESS -d YOUR_DOMAIN

Executing the command above will produce a message like the following:

An unexpected error occurred:
The client lacks sufficient authorization :: Please check your inbox at YOUR_EMAIL_ADDRESS for ACME instructions. Visit https://secure.ssl.com/billing_profiles to add your billing information. If you need assistance, please contact support@ssl.com

If there is no existing SSL.com account for the email address used in the command, one will be created automatically. Check for an email message that will include an updated version of your Certbot command with EAB credentials included:

sudo certbot certonly --manual --server https://acme.ssl.com/sslcom-dv-rsa  --config-dir /etc/ssl-com --logs-dir /var/log/ssl-com --email=YOUR_EMAIL_ADDRESS --eab-hmac-key YOUR_HMAC_KEY --eab-kid YOUR_ACCOUNT_KEY -d YOUR_DOMAIN

Warming: When you first run the above certbot command, ACME account info will be stored on your computer in the configuration directory (/etc/ssl-com in the command shown above. On future runs of certbot, you can omit the --eab-hmac-key and --eab-kid options because certbot will ignore them in favor of the locally stored account info.

If you need to associate your ACME certificate orders for the computer with a different SSL.com account, you should remove this account information from your computer with the command sudo rm -r /etc/ssl-com/accounts/acme.ssl.com (or, if you omitted the optional --config-dir option, sudo rm -r /etc/letsencrypt/accounts/acme.ssl.com).[/su_note]


Including www in Your Certificate

Even though the www subdomain is included free of charge with SSL.com's free DV SSL certificates, you will still need to include it in your command if you want it in your certificate. Simply add the additional domain to your Certbot command as follows:

sudo certbot certonly --manual --server https://acme.ssl.com/sslcom-dv-rsa  --config-dir /etc/ssl-com --logs-dir /var/log/ssl-com --email=YOUR_EMAIL_ADDRESS --eab-hmac-key YOUR_HMAC_KEY --eab-kid YOUR_ACCOUNT_KEY -d YOUR_DOMAIN -d www.YOUR_DOMAIN