StackPath offers a free SSL certificate to help protect web traffic through your site's domain. This article will show how to request and validate the Free StackPath SSL Certificate and begin delivering your content over HTTPS.
Using the Free EdgeSSL Certificate is simple, as it will cover any domain or subdomain listed in the Settings Tab under Delivery Domains.
This article assumes you have completed Step 1 of our CDN Integration Guide and now have a StackPath Site with CDN Services created. If you have not, please use the link above for the most streamlined integration experience. To complete the current step in this article, You will need access to your DNS provider and your StackPath Control Portal.
Requesting the Certificate
Before proceeding, It's important to note that as mentioned above - you can only generate an SSL certificate for domains listed in your Site's Delivery Domains. We will walk you through the entire process below.
- Browse to the Site Overview page for the domain you are setting up SSL for.
- Navigate to the Settings tab and ensure that your domain is present under Delivery Domains.
- I.E. - If your site is "yourdomain.com" then please ensure that both "yourdomain.com" and "www.yourdomain.com" are listed. We will want these both covered by the SSL certificate. Add these by selecting + Add Delivery Domain and entering your domain and selecting Save: Note - your Edge Address will be in this list by default.
- If you have additional subdomains for your site, you may add them to this list as well. You will have the option to cover all of these URLs with the Free EdgeSSL Certificate.
- Return to the site Settings and request the free SSL from the EdgeSSL tab by clicking the 'Create Certificate' button.
- Select the Free Dedicated certificate option by clicking Generate.
- Select Deliver Domains: This step will provide a list of the available delivery domains that you verified previously. Additionally, you have the option to add a delivery domain, if the domain you require coverage for is not presented on the list. Click Continue to Validation
- Validation Method: Determines the kind of validation you would like to use to verify the ownership of your domain. Two options are presented:
DNS Challenge: Generate a new DNS record with your DNS Provider using our generated strings that Sectigo will check for.
HTTP Request: If the domain(s) you have selected for coverage already resolve to StackPath's systems, Sectigo can use an HTTP request to verify the ownership of your domain.
The remainder of this guide will focus on setting up the DNS record required for DNS Challenge validation. Select Create Certificate, and move on to the next step of the guide.
- DNS Validation: Follow the steps provided in the control panel to create the DNS record required for DNS Validation. An example is provided below, but please use the values provided to you in the control panel, as these values are unique to your new certificate. Once the steps have been completed, select I've configured my DNS. Continue
Checking the Validation
There are occasions where StackPath may take some time to validate the certificate. To troubleshoot this we should check to make sure the DNS record we created was not the issue by using a tool like WhatsMyDNS
- From the Show Instructions screen, copy the first value as demonstrated below:
- Perform a CNAME check on WhatsMyDNS with the above text as a subdomain. (Note - the text strings below are examples for this article, make sure you use the values from your own CDN Site's Show Instructions screen.)
- Our example site is yourdomain.com
- The text of the first value we copied from the Show Instructions screen was _b74d88407436ffd248f6ddb1d08055e9
- We will check for a963517eaddbfd19b92d0e1fcee311b5.yourdomain.com
- If we see records returning as below, then we know the record is correct - This text should match the second value from your Show Instructions screen, reflecting the CNAME record we created in the previous steps was done correctly.
- If we do not see anything (shown below), then there may be one of two problems. The record may not have been formatted correctly or the URL we pasted into the tool is incorrect. Another possibility is that the newly created DNS record is taking a while to propagate, perhaps due to the record having a longer TTL or delays with a DNS provider.
If you run into any problems completing the validation of your SSL Certificate, please feel free to reach out to Support at any time either via live chat or firstname.lastname@example.org.
StackPath SSL certificates are generated for 90 days at a time and automatically renewed 30 days before expiration.
Your domain must be pointed to the CDN for auto renewal to work properly.
Move on to Step 3
Now that you have created your CDN site, and set up SSL, we are ready to begin integrating with the CDN. Please move on to CDN Integration Guide Step 3: Full-Site Integration.