Skip to content

Buy a Certificate

Run:

sslmate buy DOMAIN...
  • DOMAIN is the hostname or wildcard domain that you need the certificate to secure, such as example.com, www.example.com, subdomain.example.com, or *.example.com.

  • For a wildcard domain, specify a DOMAIN like *.example.com.

  • If you need to secure multiple hostnames or wildcard domains, specify them as multiple arguments to sslmate buy.

  • The certificate's auto-renewal setting will be set to your account's default auto-renewal setting. To override, specify the --auto-renew or --no-auto-renew options.

  • For other options, run sslmate help buy or consult the sslmate(1) man page.

You will be required to prove that you are authorized to obtain a certificate for each DOMAIN, by responding to an email, publishing a DNS record, or configuring your web server. For more information, including how to automate this process, see the certificate approval documentation.

After the sslmate command completes, four files will be placed in your key and cert directories (/etc/sslmate by default when running as root):

  • example.com.key - the private key
  • example.com.crt - the certificate
  • example.com.chain.crt - the certificate chain (aka intermediate cert)
  • example.com.chained.crt - a concatenation of the certificate and the chain, for convenience

Configure Your Server

You should configure your server software with the above files. Consult your software's documentation, or use the config guide below.

Choose your operating system:

Debian 12 (Bookworm)

Prerequisite: the ca-certificates package must be installed.

wget -O /etc/apt/sources.list.d/sslmate1.list https://sslmate.com/apt/bookworm/sslmate1.list

wget -O /etc/apt/trusted.gpg.d/sslmate.gpg https://sslmate.com/apt/bookworm/sslmate.gpg

apt-get update

apt-get install sslmate

Debian 11 (Bullseye)

Prerequisite: the ca-certificates package must be installed.

wget -O /etc/apt/sources.list.d/sslmate1.list https://sslmate.com/apt/bullseye/sslmate1.list

wget -O /etc/apt/trusted.gpg.d/sslmate.gpg https://sslmate.com/apt/bullseye/sslmate.gpg

apt-get update

apt-get install sslmate

Debian 10 (Buster)

Prerequisite: the ca-certificates package must be installed.

wget -O /etc/apt/sources.list.d/sslmate1.list https://sslmate.com/apt/buster/sslmate1.list

wget -O /etc/apt/trusted.gpg.d/sslmate.gpg https://sslmate.com/apt/buster/sslmate.gpg

apt-get update

apt-get install sslmate

Debian 9 (Stretch)

Prerequisite: the ca-certificates package must be installed.

wget -O /etc/apt/sources.list.d/sslmate1.list https://sslmate.com/apt/stretch/sslmate1.list

wget -O /etc/apt/trusted.gpg.d/sslmate.gpg https://sslmate.com/apt/stretch/sslmate.gpg

apt-get update

apt-get install sslmate

Ubuntu 23.10

Prerequisite: the ca-certificates package must be installed.

wget -O /etc/apt/sources.list.d/sslmate1.list https://sslmate.com/apt/ubuntu2310/sslmate1.list

wget -O /etc/apt/trusted.gpg.d/sslmate.gpg https://sslmate.com/apt/ubuntu2310/sslmate.gpg

apt-get update

apt-get install sslmate

Ubuntu 23.04

Prerequisite: the ca-certificates package must be installed.

wget -O /etc/apt/sources.list.d/sslmate1.list https://sslmate.com/apt/ubuntu2304/sslmate1.list

wget -O /etc/apt/trusted.gpg.d/sslmate.gpg https://sslmate.com/apt/ubuntu2304/sslmate.gpg

apt-get update

apt-get install sslmate

Ubuntu 22.10

Prerequisite: the ca-certificates package must be installed.

wget -O /etc/apt/sources.list.d/sslmate1.list https://sslmate.com/apt/ubuntu2210/sslmate1.list

wget -O /etc/apt/trusted.gpg.d/sslmate.gpg https://sslmate.com/apt/ubuntu2210/sslmate.gpg

apt-get update

apt-get install sslmate

Ubuntu 22.04

Prerequisite: the ca-certificates package must be installed.

wget -O /etc/apt/sources.list.d/sslmate1.list https://sslmate.com/apt/ubuntu2204/sslmate1.list

wget -O /etc/apt/trusted.gpg.d/sslmate.gpg https://sslmate.com/apt/ubuntu2204/sslmate.gpg

apt-get update

apt-get install sslmate

Ubuntu 20.04

Prerequisite: the ca-certificates package must be installed.

wget -O /etc/apt/sources.list.d/sslmate1.list https://sslmate.com/apt/ubuntu2004/sslmate1.list

wget -O /etc/apt/trusted.gpg.d/sslmate.gpg https://sslmate.com/apt/ubuntu2004/sslmate.gpg

apt-get update

apt-get install sslmate

Ubuntu 18.04

Prerequisite: the ca-certificates package must be installed.

wget -O /etc/apt/sources.list.d/sslmate1.list https://sslmate.com/apt/ubuntu1804/sslmate1.list

wget -O /etc/apt/trusted.gpg.d/sslmate.gpg https://sslmate.com/apt/ubuntu1804/sslmate.gpg

apt-get update

apt-get install sslmate

Ubuntu 16.04

Prerequisite: the ca-certificates package must be installed.

wget -O /etc/apt/sources.list.d/sslmate1.list https://sslmate.com/apt/ubuntu1604/sslmate1.list

wget -O /etc/apt/trusted.gpg.d/sslmate.gpg https://sslmate.com/apt/ubuntu1604/sslmate.gpg

apt-get update

apt-get install sslmate

Ubuntu 14.04

Prerequisite: the ca-certificates package must be installed.

wget -O /etc/apt/sources.list.d/sslmate1.list https://sslmate.com/apt/ubuntu1404/sslmate1.list

wget -O /etc/apt/trusted.gpg.d/sslmate.gpg https://sslmate.com/apt/ubuntu1404/sslmate.gpg

apt-get update

apt-get install sslmate

RHEL/CentOS/SL (6, 7, and 8)

Prerequisite: the wget and ca-certificates packages must be installed.

wget -O /etc/yum.repos.d/SSLMate1.repo https://sslmate.com/yum/centos/SSLMate1.repo

wget -O /etc/pki/rpm-gpg/RPM-GPG-KEY-SSLMate https://sslmate.com/yum/centos/RPM-GPG-KEY-SSLMate

yum install sslmate

Amazon Linux 1

Prerequisite: the wget and ca-certificates packages must be installed.

wget -O /etc/yum.repos.d/SSLMate1.repo https://sslmate.com/yum/amzn1/SSLMate1.repo

wget -O /etc/pki/rpm-gpg/RPM-GPG-KEY-SSLMate https://sslmate.com/yum/amzn1/RPM-GPG-KEY-SSLMate

yum install sslmate

Amazon Linux 2

Prerequisite: the wget and ca-certificates packages must be installed.

wget -O /etc/yum.repos.d/SSLMate1.rep https://sslmate.com/yum/amzn2/SSLMate1.repo

wget -O /etc/pki/rpm-gpg/RPM-GPG-KEY-SSLMate https://sslmate.com/yum/amzn2/RPM-GPG-KEY-SSLMate

yum install sslmate

Amazon Linux 2023

wget -O /etc/yum.repos.d/SSLMate1.rep https://sslmate.com/yum/amzn2023/SSLMate1.repo

wget -O /etc/pki/rpm-gpg/RPM-GPG-KEY-SSLMate https://sslmate.com/yum/amzn2023/RPM-GPG-KEY-SSLMate

yum install sslmate

Fedora (27+)

Prerequisite: the wget and ca-certificates packages must be installed.

wget -O /etc/yum.repos.d/SSLMate1.rep https://sslmate.com/yum/fedora/SSLMate1.repo

wget -O /etc/pki/rpm-gpg/RPM-GPG-KEY-SSLMate https://sslmate.com/yum/fedora/RPM-GPG-KEY-SSLMate

yum install sslmate

Other

1. Download sslmate-latest.tar.gz and extract:

tar xzvf sslmate-latest.tar.gz

cd sslmate-VERSION

2. Install dependencies:

cpan URI Term::ReadKey JSON::PP

3. Install SSLMate to /usr/local/bin:

make install

Or, install to a custom prefix:

make install PREFIX=/path/to/directory

Remember to restart your server software after changing its configuration. Note that Apache must be fully restarted after changing certificate configuration; a reload is not sufficient.

Test Your Server

After configuring your server, you can use the sslmate test command to make sure that your certificate has been properly installed:

sslmate test DOMAIN

For more information about sslmate test, run sslmate help test or consult the sslmate(1) man page.

Next step: Set up a cron job to run sslmate download for renewals.

See also: Certificate approval process