Buy a Certificate

Run:

sslmate buy DOMAIN...
  • DOMAIN is the hostname or wildcard domain that you need the certificate to secure, such as example.com, www.example.com, subdomain.example.com, or *.example.com.

  • For a wildcard domain, specify a DOMAIN like *.example.com.

  • If you need to secure multiple hostnames or wildcard domains, specify them as multiple arguments to sslmate buy.

  • The certificate's auto-renewal setting will be set to your account's default auto-renewal setting. To override, specify the --auto-renew or --no-auto-renew options.

  • For other options, run sslmate help buy or consult the sslmate(1) man page.

You will be required to prove that you are authorized to obtain a certificate for each DOMAIN, by responding to an email, publishing a DNS record, or configuring your web server. For more information, including how to automate this process, see the certificate approval documentation.

After the sslmate command completes, four files will be placed in your key and cert directories (/etc/sslmate by default when running as root):

  • example.com.key - the private key
  • example.com.crt - the certificate
  • example.com.chain.crt - the certificate chain (aka intermediate cert)
  • example.com.chained.crt - a concatenation of the certificate and the chain, for convenience

Configure Your Server

You should configure your server software with the above files. Consult your software's documentation, or use the config guide below.

Choose your operating system:

Debian 11 (Bullseye)

Prerequisite: the ca-certificates package must be installed.

wget -P /etc/apt/sources.list.d https://sslmate.com/apt/bullseye/sslmate1.list

wget -P /etc/apt/trusted.gpg.d https://sslmate.com/apt/bullseye/sslmate.gpg

apt-get update

apt-get install sslmate

Debian 10 (Buster)

Prerequisite: the ca-certificates package must be installed.

wget -P /etc/apt/sources.list.d https://sslmate.com/apt/buster/sslmate1.list

wget -P /etc/apt/trusted.gpg.d https://sslmate.com/apt/buster/sslmate.gpg

apt-get update

apt-get install sslmate

Debian 9 (Stretch)

Prerequisite: the ca-certificates package must be installed.

wget -P /etc/apt/sources.list.d https://sslmate.com/apt/stretch/sslmate1.list

wget -P /etc/apt/trusted.gpg.d https://sslmate.com/apt/stretch/sslmate.gpg

apt-get update

apt-get install sslmate

Debian 8 (Jessie)

Prerequisite: the ca-certificates package must be installed.

wget -P /etc/apt/sources.list.d https://sslmate.com/apt/jessie/sslmate1.list

wget -P /etc/apt/trusted.gpg.d https://sslmate.com/apt/jessie/sslmate.gpg

apt-get update

apt-get install sslmate

Debian 7 (Wheezy)

Prerequisite: the ca-certificates package must be installed.

wget -P /etc/apt/sources.list.d https://sslmate.com/apt/wheezy/sslmate1.list

wget -P /etc/apt/trusted.gpg.d https://sslmate.com/apt/wheezy/sslmate.gpg

apt-get update

apt-get install sslmate

Ubuntu 21.10

Prerequisite: the ca-certificates package must be installed.

wget -P /etc/apt/sources.list.d https://sslmate.com/apt/ubuntu2110/sslmate1.list

wget -P /etc/apt/trusted.gpg.d https://sslmate.com/apt/ubuntu2110/sslmate.gpg

apt-get update

apt-get install sslmate

Ubuntu 21.04

Prerequisite: the ca-certificates package must be installed.

wget -P /etc/apt/sources.list.d https://sslmate.com/apt/ubuntu2104/sslmate1.list

wget -P /etc/apt/trusted.gpg.d https://sslmate.com/apt/ubuntu2104/sslmate.gpg

apt-get update

apt-get install sslmate

Ubuntu 20.10

Prerequisite: the ca-certificates package must be installed.

wget -P /etc/apt/sources.list.d https://sslmate.com/apt/ubuntu2010/sslmate1.list

wget -P /etc/apt/trusted.gpg.d https://sslmate.com/apt/ubuntu2010/sslmate.gpg

apt-get update

apt-get install sslmate

Ubuntu 20.04

Prerequisite: the ca-certificates package must be installed.

wget -P /etc/apt/sources.list.d https://sslmate.com/apt/ubuntu2004/sslmate1.list

wget -P /etc/apt/trusted.gpg.d https://sslmate.com/apt/ubuntu2004/sslmate.gpg

apt-get update

apt-get install sslmate

Ubuntu 19.10

Prerequisite: the ca-certificates package must be installed.

wget -P /etc/apt/sources.list.d https://sslmate.com/apt/ubuntu1910/sslmate1.list

wget -P /etc/apt/trusted.gpg.d https://sslmate.com/apt/ubuntu1910/sslmate.gpg

apt-get update

apt-get install sslmate

Ubuntu 19.04

Prerequisite: the ca-certificates package must be installed.

wget -P /etc/apt/sources.list.d https://sslmate.com/apt/ubuntu1904/sslmate1.list

wget -P /etc/apt/trusted.gpg.d https://sslmate.com/apt/ubuntu1904/sslmate.gpg

apt-get update

apt-get install sslmate

Ubuntu 18.10

Prerequisite: the ca-certificates package must be installed.

wget -P /etc/apt/sources.list.d https://sslmate.com/apt/ubuntu1810/sslmate1.list

wget -P /etc/apt/trusted.gpg.d https://sslmate.com/apt/ubuntu1810/sslmate.gpg

apt-get update

apt-get install sslmate

Ubuntu 18.04

Prerequisite: the ca-certificates package must be installed.

wget -P /etc/apt/sources.list.d https://sslmate.com/apt/ubuntu1804/sslmate1.list

wget -P /etc/apt/trusted.gpg.d https://sslmate.com/apt/ubuntu1804/sslmate.gpg

apt-get update

apt-get install sslmate

Ubuntu 17.10

Prerequisite: the ca-certificates package must be installed.

wget -P /etc/apt/sources.list.d https://sslmate.com/apt/ubuntu1710/sslmate1.list

wget -P /etc/apt/trusted.gpg.d https://sslmate.com/apt/ubuntu1710/sslmate.gpg

apt-get update

apt-get install sslmate

Ubuntu 17.04

Prerequisite: the ca-certificates package must be installed.

wget -P /etc/apt/sources.list.d https://sslmate.com/apt/ubuntu1704/sslmate1.list

wget -P /etc/apt/trusted.gpg.d https://sslmate.com/apt/ubuntu1704/sslmate.gpg

apt-get update

apt-get install sslmate

Ubuntu 16.10

Prerequisite: the ca-certificates package must be installed.

wget -P /etc/apt/sources.list.d https://sslmate.com/apt/ubuntu1610/sslmate1.list

wget -P /etc/apt/trusted.gpg.d https://sslmate.com/apt/ubuntu1610/sslmate.gpg

apt-get update

apt-get install sslmate

Ubuntu 16.04

Prerequisite: the ca-certificates package must be installed.

wget -P /etc/apt/sources.list.d https://sslmate.com/apt/ubuntu1604/sslmate1.list

wget -P /etc/apt/trusted.gpg.d https://sslmate.com/apt/ubuntu1604/sslmate.gpg

apt-get update

apt-get install sslmate

Ubuntu 14.04

Prerequisite: the ca-certificates package must be installed.

wget -P /etc/apt/sources.list.d https://sslmate.com/apt/ubuntu1404/sslmate1.list

wget -P /etc/apt/trusted.gpg.d https://sslmate.com/apt/ubuntu1404/sslmate.gpg

apt-get update

apt-get install sslmate

RHEL/CentOS/SL (6, 7, and 8)

Prerequisite: the wget and ca-certificates packages must be installed.

wget -P /etc/yum.repos.d https://sslmate.com/yum/centos/SSLMate1.repo

wget -P /etc/pki/rpm-gpg https://sslmate.com/yum/centos/RPM-GPG-KEY-SSLMate

yum install sslmate

Amazon Linux 1

Prerequisite: the wget and ca-certificates packages must be installed.

wget -P /etc/yum.repos.d https://sslmate.com/yum/amzn1/SSLMate1.repo

wget -P /etc/pki/rpm-gpg https://sslmate.com/yum/amzn1/RPM-GPG-KEY-SSLMate

yum install sslmate

Amazon Linux 2

Prerequisite: the wget and ca-certificates packages must be installed.

wget -P /etc/yum.repos.d https://sslmate.com/yum/amzn2/SSLMate1.repo

wget -P /etc/pki/rpm-gpg https://sslmate.com/yum/amzn2/RPM-GPG-KEY-SSLMate

yum install sslmate

Fedora (27+)

Prerequisite: the wget and ca-certificates packages must be installed.

wget -P /etc/yum.repos.d https://sslmate.com/yum/fedora/SSLMate1.repo

wget -P /etc/pki/rpm-gpg https://sslmate.com/yum/fedora/RPM-GPG-KEY-SSLMate

yum install sslmate

Arch Linux

yaourt sslmate

MacOS (Homebrew)

brew update

brew install sslmate

Other

1. Download sslmate-latest.tar.gz and extract:

tar xzvf sslmate-latest.tar.gz

cd sslmate-VERSION

2. Install dependencies:

cpan URI Term::ReadKey JSON::PP

3. Install SSLMate to /usr/local/bin:

make install

Or, install to a custom prefix:

make install PREFIX=/path/to/directory

Remember to restart your server software after changing its configuration. Note that Apache must be fully restarted after changing certificate configuration; a reload is not sufficient.

Test Your Server

After configuring your server, you can use the sslmate test command to make sure that your certificate has been properly installed:

sslmate test DOMAIN

For more information about sslmate test, run sslmate help test or consult the sslmate(1) man page.

Next step: Set up a cron job to run sslmate download for renewals.

See also: Certificate approval process