SSLMate FAQ

How fast is SSLMate?

Really fast. In nearly all cases, it takes less than a minute from the time you order a certificate to the time you have both a key and certificate file sitting on your filesystem.

What platforms does SSLMate support?

The key and certificates generated by SSLMate can be used with any server platform, and work in any modern web browser.

The sslmate command line tool is officially supported on several popular Linux distros and macOS and can also run anywhere that has a Perl interpreter and OpenSSL. See our install page for more information.

If you can't run the sslmate command line tool, you can order a certificate from your web browser instead.

Do you support wildcard certificates?

Yes! When ordering your certificate, put *. before your domain name, like this: *.example.com.

Do you support multiple hostname/domain (aka SAN/UCC) certs?

Yes! When ordering your certificate, specify multiple hostnames or wildcard domains on the command line to sslmate buy, like this:

sslmate buy example.com www.example.com example.org "*.example.org"

See Certificate Pricing for more information about how certificates with multiple hostnames are priced.

Will a certificate for example.com also work for www.example.com?

It will if you want to! Just specify both names when ordering a certificate. There is no extra charge for doing so.

What types of payment do you accept?

We accept the following credit/debit cards: Visa, MasterCard, American Express, JCB, Discover, and Diners Club.

We do not accept PayPal or Bitcoin. SSLMate is all about automation, and PayPal and Bitcoin require manual steps for every payment.

How do you use my credit card number?

We ask for your credit card number when signing up so we don't have to ask for it every time you buy a certificate. Rest assured, we do not charge your credit card until you actually purchase a certificate.

Keeping your credit card on file also lets your certificates automatically renew, ensuring that you never let a site go down because you forgot to renew a certificate. Auto-renewal is easy to disable if you don't want it, and we always send an email one week before charging your credit card in case you don't need the certificate anymore.

Note that we don't store your credit card number directly; our payment processor, Stripe, does.

What's your refund policy?

Full refunds are available for the first 10 days following your purchase. Refunds will be credited to the credit card used to make the purchase. To request a refund, please contact us. Please allow up to one business day for your refund request to be processed.

What browsers do your certificates work with?

Any modern browser. SSLMate's certificates have been tested successfully in browsers as old as IE6 on Windows XP SP3.

What kinds of certificates do you issue?

Our SSLMate Basic service issues PositiveSSL certificates from Sectigo (formerly known as Comodo Certification Authority).

Our SSLMate for SaaS service issues Let's Encrypt certificates.

SSLMate may use different certificate authorities in the future. Unlike other SSL certificate vendors who present you with a confusing choice of five or more different brands, SSLMate tracks the industry closely and only offers certificates from the very best.

What's the approval process for getting a certificate?

See our approval documentation.

What can I do if I don't receive the approval email?

First, please be sure to double-check your spam folder.

Next, you can try resending the approval email using the sslmate retry-approval HOSTNAME command. You can also try resending the approval email to a different address using the sslmate edit command as follows: sslmate edit HOSTNAME --email=ADDRESS. (ADDRESS must be one of the acceptable addresses listed when you run sslmate buy).

If you're still having problems, you can get in touch with support.

Do you sell Extended Validation (EV) certs?

We recommend domain validation certificates because they can be automated and provide just as much security as an extended validation certificate.

If you have a special need to issue extended validation certificates, please contact support.

Do you sell Organization Validation (OV) certs?

No. OV certs provide no additional security over DV certs and are not displayed differently in the browser. Their main distinguishing features are that they are more expensive and take longer to issue.

How many servers can I install my SSLMate certificate on?

Any number. SSLMate certificates come with an unlimited server license.

Do you sell multi-year certificates?

Not by default. The evolving nature of cryptography means that a multi-year certificate is at risk of needing replacement before its term expires in order to take advantage of the latest best practices in security. Instead of offering multi-year certificates, SSLMate automates the renewal process so that yearly renewals are extremely easy. This is similar to the approach that Google uses internally: their certificates are valid for merely three months, but they have a fully automated process for rotating certificates.

If you have a special need for a multi-year certificate (e.g. to install on a device where renewal can't be automated), get in touch and we can help you out.

Where is my private key generated and stored?

Your private key is generated exclusively on your system and is never transmitted to or stored by SSLMate. The sslmate command line program is open source and can be audited to verify that this is true.

What size key does sslmate generate?

The sslmate command generates a 2048 bit RSA key. This is widely considered the best size for SSL: 1024 bit keys are inadequately secure, and 4096 bit keys slow down browser connections without providing an appreciable security gain.

Does SSLMate support elliptic curve (ECDSA) certificates?

Yes. Pass the --key-type=ecdsa option to sslmate buy to generate an ECDSA key. The resulting certificate will be signed with ECDSA.

Note that while ECDSA is faster than RSA, it is supported by fewer clients. If support for IE 8 on Windows XP, Android 2.3, or Java 6 is important, do not use ECDSA. If in doubt, do not use ECDSA.

SSLMate generates a key on the NIST P-256 curve (aka prime256v1 or secp256r1).

Get Started with SSLMate Today

Buy a new certificate, or import your existing certs for free.

Click to sign up