How Can I Apply for a Free SSL Certificate?

Constraints

• You can apply for a maximum of 20 free SSL certificates under each account. In SCM, only one free certificate can be applied for at a time.
  

  • Deleted certificates and revoked certificates are all counted towards the free certificate quota.
  • Your account and the IAM users created under your account share the quota of the 20 free certificates. For example, if an account has applied for 20 free certificates, no free certificate can be applied for by the account and the IAM users created using this account.
  • If your account has used up the quota of 20 free SSL certificates but you still want to apply for more free SSL certificates, purchase the DigiCert DV (basic) single-domain certificate package to increase your free certificate quota. For details, see What Can I Do If My Free Certificate Quota Is Used Up?
• One free SSL certificate can be used for only one single domain name.
• Free certificates cannot be used to protect IP addresses or wildcard domain names.
• By default, DNS verification is used to verify the domain ownership of a free certificate.
• The trust and security level of free certificates are low. They are recommended only for testing.
• For DigiCert DV (Basic) free certificates, no free technical support or installation guide is provided.
• A free certificate is valid for one year and cannot be renewed. After a free certificate expires, it cannot be used anymore. If you still need an SSL certificate, create one in CCM.

Step 1: Creating a Free Certificate (Method 1)

1. Log in to the management console.
2. In the upper left corner of the certificate list, click Create Test Certificate.

   The numbers displayed next to the Create Test Certificate button indicate the remaining quota and total quota of test certificates you can create. For example, if 13/20 is displayed, you can create 13 more test certificates and can create up to 20 test certificates.

3. Read and select I have read and agree to the Cloud Certificate Manager Statement. Then, click OK.
4. You can view the created free test certificate in the SSL certificate list.
   

   If the test certificate is not displayed in the certificate list, refresh the page.

Step 1: Creating a Free Certificate (Method 2)

1. Log in to the management console.
2. In the upper right corner of the page, click Buy Certificate to go to the certificate purchase page.
3. On the certificate purchase page, set parameters.
   • Domain Type: Select Single domain.
   • Certificate Type: Select DV (Basic).
   • Certificate Authority: Select DigiCert.
   • After you select a certificate type and CA, other parameters, such as Domain Quantity, Validity Period, and Quantity, are configured automatically.
   Figure 1 Free certificate configuration
4. Click Next.
5. Confirm the order information and agree to the CCM statement by selecting I have read and agree to the Cloud Certificate Manager Statement. Click Pay.
6. On the displayed page, select a payment method.

   After the payment is complete, go back to the certificate list to view the purchased certificate.

Step 2: Submit a Certificate Application to the CA

After you create a test certificate, associate a domain name with the certificate, provide additional details, and then submit the application for approval.

Step 3: Verify Domain Ownership by DNS

Domain name ownership verification by DNS is to verify domain ownership by resolving a specific DNS record on the platform hosting the domain name. To this end, you need to add a DNS record for your domain name on the platform. For example, if you purchase a domain name from company A, you need to add a TXT DNS record for your domain name on the domain name management platform of company A.

• If you apply for a domain name on and the domain name has been resolved by DNS, the system automatically adds DNS records for verification.
• If your domain name is hosted on other platforms, such as www.net.cn, www.xinnet.com, and www.dnspod.cn, you need to go to the DNS service provider of the domain name to perform the verification.

• After you submit the certificate application to a CA, complete the configuration of domain name verification based on the information displayed on the certificate list page, or your certificate will remain in the Pending domain name verification state and will fail the verification.
• After you complete the DNS verification on your side, it still takes a while for the CA to review your DNS verification results.

Step 4: Issue the Certificate

After the domain name ownership is verified using DNS, it takes some time for the CA to approve your application. The CA will issue the certificate only after they validate your information.

The certificate takes effect immediately upon issuance. You can deploy the certificate to other cloud products or download the certificate and deploy it on a server.

After you submit an application, the CA checks the domain ownership or organization verification status at the following frequency:

• 0 to 1 hour after the application is submitted: The CA checks the verification status every 15 minutes. Generally, if the configuration is correct, the certificate is issued within 10 to 20 minutes.
• 1 to 4 hours after the application is submitted: The CA checks the verification every 30 minutes.
• 4 to 24 hours after the application is submitted: The CA checks the verification every hour.
• 1 to 7 days after the application is submitted: The CA checks the verification every 4 hours.
• If you did not complete the required verification over 7 days after the application is submitted, the order times out and is automatically canceled.