Please follow the steps below to create a new SSL certificate on ZeroSSL. Before you start, please note that you can choose from single-domain, multi-domain and wildcard certificates with a both 90-day or annual (formerly 1-year) validity.
To create an SSL certificate, navigate to the New Certificate page and get ready to enter the domain(s) you want secured. You can enter a single domain or multiple domains, or choose to protect your domains using a wildcard certificate.
-
Single-Domain Certificate
Secure a single domain using your SSL certificate. For single-domain certificates, the www-version of your domain will be secured as well at no additional charge. -
Multi-Domain Certificate
Secure multiple domains using your SSL certificate. You can both add multiple versions of the same domain (e.g. www-version or subdomain) as well as completely unrelated domains (e.g. apple.com and store.com). -
Wildcard Certificate
Secure all subdomain versions of your domain using your SSL certificates. Wildcards are typically shown as *.domain.com in order to represent that any type of subdomain is protected at once.
Next, you will need to choose between a 90-day or annual validity for your SSL certificate. To keep manual work renewing certificates at a minimum, we usually recommend choosing annual certificates.
-
90-Day Certificate
SSL certificates with a validity of 90 days. For this type of certificate, manual renewal will be required every 90 days. -
Annual Certificate
Under Ballot SC-081v3, SSL certificates must be renewed no later than day 199. The first renewal of your annual certificate uses no additional credits and extends its validity for the remainder of the 1-year period (about 165 days).
You can choose from the following add‑ons:
-
ZeroSSL Protect
Adds automated malware scanning, blacklist monitoring, and site reputation checks to help keep your website secure. ZeroSSL Protect continuously monitors your domain and alerts you to potential security risks before they impact your visitors. -
Unlimited 90-Day Certificates
Enables unlimited creation of 90‑day certificates. This add‑on is ideal if you need to generate a large number of short‑term certificates, for example for staging environments, testing, or high‑volume automated setups. -
REST API Access
Unlocks full access to the ZeroSSL REST API. This option is recommended for developers and teams who want to automate certificate creation, domain validation, and renewals using scripts, integrations, or custom tools. -
Technical Support
Provides access to our technical support team for troubleshooting, certificate installation help, and guidance throughout the certificate lifecycle.
Once you’ve selected the add‑ons you need, click Next Step to continue.
Next, you will need to make a choice between having your Certificate Signing Request (CSR) automatically generated by our system or entering your CSR or contact details manually to generate a CSR. Find three available options below:
-
Auto-Generate CSR (Default)
This option will auto-generate your CSR based on your account information. -
Enter Contact Details
This option will allow you to enter your contact details manually, based on which a CSR will be generated. -
Paste Existing CSR
This option will allow you to paste an existing CSR to use for the creation of your SSL certificate.
System Insights
Wondering about how CSR information is processed securely by ZeroSSL? To learn more about our system and security measures, please navigate to the System Insights section of this Help Center.
Before finalizing your order, you will need to choose the encryption level used to generate your SSL certificate. The encryption algorithm defines the strength of the RSA key included in your Certificate Signing Request (CSR). Find three available options below:
-
RSA 2048 (Maximum Compatibility)
This is the default and most widely supported option. RSA 2048 provides strong security while maintaining excellent compatibility across servers, browsers, and devices. -
RSA 3072 (Stronger Security)
Offers enhanced cryptographic strength compared to RSA 2048. This option is suitable if you want increased protection and your infrastructure supports larger RSA keys. - RSA 4096 (Strongest RSA Security)
Provides the highest level of RSA encryption offered by ZeroSSL. While extremely secure, RSA 4096 may require more server resources and is not necessary for most use cases. - Using ECC (Elliptic Curve) Keys
If you prefer ECC encryption, you can paste a custom CSR in the previous step (CSR & Contact). ZeroSSL supports ECC certificates, but ECC keys must be generated manually using OpenSSL or a similar tool.
If you’re unsure which encryption level to choose, RSA 2048 is recommended for most users.
*If you upload a custom CSR in the previous step, ECC will be detected automatically.
Depending on your choices in steps 1-5, our system will automatically detect which subscription plan you will need to finalize your order. If you are satisfied with your choice of certificate settings and subscription plan, simply click "Next Step" to finalize your order and create your new SSL certificate.
⚠️You are experiencing issues while creating a Certificate?
Before contacting us please try the following three things:
- If your certificate is in draft status, please cancel the draft and try again
👉 Canceling SSL certificates - Visit this Troubleshooting article for further help!!
- Please check for an ongoing service incident.