StackPath offers a free SSL certificate to help protect your web traffic through your site's domain. This article will show you how to request and validate the Free StackPath SSL Certificate and delivery your content over HTTPS.
Using the Free EdgeSSL Certificate is simple, as it will cover any domain or subdomain listed in your Settings Tab under Delivery Domains.
You will need access to your DNS provider and your StackPath Control Portal. This article assumes you have created a Stack and Site for your desired delivery domain.
Requesting the Certificate
- Login to the StackPath Control Panel
- Select Sites on the left side navigation
- Select the Site you want to generate an SSL certificate for
- Navigate to the Settings tab and ensure the Delivery Domains are present. You may have multiple subdomains in this list and have the option to cover all of them with the EdgeSSL Certificate. (your Edge Address will be here by default)
- Return to the site Settings and request the free SSL from the EdgeSSL tab by clicking the 'Generate Free SSL' button.
- Select the domains you wish to generate an SSL Certificate. You may cover any of the Delivery Domains in this list. Once you select the domains you want covered, select Continue.
Create Validation Record
The EdgeSSL certificate uses a a DNS challenge to validate ownership of a domain. In a DNS challenge, we create a special DNS record using the values in Step 1 below. The system then queries for this record. Once the record is detected, the certificate will be shown as Trusted.
This is an automatic process if you have already integrated the StackPath DNS.
- Once we have completed Requesting the Certificate, we see the values needed to create our DNS Validation record.
Example of Validation record:
- Upon creating the CNAME, your request will be checked for verification and final CA Signing and should show as trusted within a few minutes
Checking the Validation
There are occasions in which the system takes some time to validate the certificate. We can check our work, and make sure that the DNS record we created was not the issue by using a tool like WhatsMyDNS
- Navigate to the EdgeSSL Tab of your Site and copy the following value: The site for this article's example is foobar.com.
- Perform a CNAME check on WhatsMyDNS with the above text as a subdomain.
- Our example site is foobar.com
- The text we copied was _a963517eaddbfd19b92d0e1fcee311b5
- We will check for _a963517eaddbfd19b92d0e1fcee311b5.foobar.com
- If we see records returning as below, then we know the record is correct.
- If we do not see anything as below, then we may need to make sure the record was formatted correctly or that we are checking for the correct record. We also might just need to wait a little longer, perhaps due to a TTL issue.
If you run into any problems completing the validation of your SSL Certificate, please feel free to reach out to Support at any time.
StackPath SSL certificates are generated for 90 days at a time and automatically renewed 30 days before expiration.
For automatic renewal to take place, you must point the DNS of each of the domains you select at StackPath - To add additional domains, add a Delivery Domain on the Settings page.