SSL Certificate Application & Troubleshooting Guide - Help Center

Q: Is my private key safe with CertificateHub?

Absolutely. All key pairs and CSRs are generated directly inside your local browser via the Web Crypto API. Your private keys are never transmitted to or stored on our servers.

1. Fill Basic Information

1 Enter Domain: Supports root domains (e.g., example.com) or wildcard domains (e.g., *.example.com).

2. Method: HTTP File-based Validation

Recommended if you have server access and the domain is already pointing to that server's IP.

Workflow:

After selecting "HTTP Validation", the system provides a file path and file content:

Create a directory in your web root: .well-known/acme-challenge/
Create a file named with the provided Token.
Paste the Key Authorization content into the file and save.
Click "Verify".

# Nginx Configuration Example (HTTP Validation)
location /.well-known/acme-challenge/ {
    root /var/www/html;
}

3. Method: DNS-01 Challenge

Use this if you cannot modify server files or need a wildcard certificate (*.example.com).

Workflow:

TXT Record: You need to create a TXT record named _acme-challenge.

1. Log in to your DNS provider (e.g., Alibaba Cloud, Cloudflare, AWS).

2. Add a new TXT record for your domain.

3. Host/Name: _acme-challenge (or _acme-challenge.www).

4. Value: Paste the random string generated by the system.

Note: DNS propagation usually takes 1-10 minutes. Use nslookup -q=txt _acme-challenge.yourdomain.com to verify the record is live before clicking "Verify".

4. Download & Deployment

Once verified, Let's Encrypt issues your certificate. You will receive:

certificate.crt: Your public key certificate.

private.key: Your domain's private key.

Configure these files in your Nginx or Apache server to enable HTTPS.

server {
    listen              443 ssl;
    server_name         example.com;

    ssl_protocols       TLSv1.2 TLSv1.3;
    ssl_certificate     /path/to/cert.crt;
    ssl_certificate_key /path/to/cert.key;

    location / {
        root   /usr/share/nginx/html;
        index  index.html;
    }
}

5. FAQ

SSL Certificate Generation

Question: How long is a free SSL certificate valid for?

Answer: Certificates issued via automated CAs (like Let's Encrypt) are valid for 90 days. You can regenerate and renew them for free at any time before expiration.

Verification & Privacy

Question: Is my private key safe with CertificateHub?

Answer: We strictly adherence to a zero-storage, zero-logging policy. Your private keys and certificate assets are processed solely in temporary memory and are completely and permanently destroyed as soon as the session ends.

SSL Certificate Generation

Question: Can I apply for wildcard certificates?

Answer: Yes. CertificateHub fully supports wildcard domain registration (e.g., *.yourdomain.com). Note that CA standards require DNS verification for all wildcard applications.

SSL Certificate Application Guide

1. Fill Basic Information

2. Method: HTTP File-based Validation

Workflow:

3. Method: DNS-01 Challenge

Workflow:

4. Download & Deployment

5. FAQ

SSL Certificate Generation

Verification & Privacy

SSL Certificate Generation