Overview
You can use these instructions to obtain a free SSL certificate generated by StackPath.
StackPath offers a free SSL certificate to help protect your web traffic through your site's domain. This certificate will cover any domain or subdomain listed in the Delivery Domains table.
StackPath SSL certificates are generated for 90 days at a time and are automatically renewed 30 days before the expiration date. To automatically renew your certificate, your domain must point to the CDN.
You can use this document to learn how to request and validate the Free StackPath SSL Certificate and deliver your content over HTTPS.
Note: To use an SSL certificate to cover a wildcard domain, see Learn About Wildcard SSL Certificates.
Step 1: Request the certificate
- In the StackPath Control Portal, in the left-side navigation, click Sites.
- Locate and select the desired site.
- In the left-side navigation, under Sites, click Settings.
- Under Delivery Domains, review the table to ensure that your domains are listed.
- You can only generate an SSL certificate for the domains listed in your Delivery Domains table.
- For example, if your site is yourdomain.com, then ensure that yourdomain.com and www.yourdomain.com are listed. StackPath recommends that the SSL certificate covers these two domains.
- If you have additional subdomains for your site, then you can add them to this list. To add a domain, click + Add Delivery Domain, enter your domain, and then click Save.
- In the left-side navigation, under Sites, click EdgeSSL.
- Next to Custom Delivery Certificate, click Create Certificate.
- Under Free Dedicated Certificate, click Generate.
- Under Delivery Domains, mark all the domains to add to the certificate, and then click Continue to Validation.
- Note: At this point, the certificate will begin to provision. If you navigate away from this screen, you will not be able to complete the process. As a result, you will need to delete the pending certificate, and begin this process again. To delete a pending certificate, in the EdgeSSL screen, next to Free Dedicated Certificate / Pending, click the ellipses on the right, click Delete, and then click Delete again.
- Your selected domains must point to StackPath so that StackPath can verify ownership for the selected domains.
Click Show Instructions to follow the on-screen instructions for the desired validation option.
There are two validation options:- With DNS Challenge Validation, you will create a CNAME record on your domain's DNS with a StackPath-generated string. StackPath will verify the record and then issue the SSL certificate.
- With HTTP Request Validation Validation, you will create a CNAME record to point your domains to your Site's edge address. StackPath will verify the domains' ownership through an HTTP request.
- When you have updated your DNS settings, click I've Configured my DNS. Continue.
Step 2: Review the validation
There are occasions where StackPath may take some time to validate the certificate. To avoid a delay, you can verify that the DNS records were created correctly.
- Access https://www.whatsmydns.net/.
- In the field, enter your DNS URL.
- To locate your DNS URL, in the portal, next to Verify Domain Ownership, click Show Instructions. In the table under DNS Challenge Validation, copy the information under the Name column. The Name will be similar to _acme-challenge.yourdomain.com.
- In the whatsmydns page, select CNAME.
- Click Search.
- A successful return will display green checkmarks, along with the StackPath-specific domain name listed in the portal.
- An unsuccessful return will display a red x. To troubleshoot, make sure you copied the correct value. Additionally, you may need to wait for the newly created DNS record to fully propagate, which can take up to 24 hours to complete.
- Repeat these steps for every entry in the table.
Next Steps
Now that you have created your CDN site and set up SSL, you can now integrate with the CDN. See CDN Integration Guide Step 3: Full-Site Integration.