As soon as your certificate has been issued, you can download it and install it on your web server. Issued certificates can be downloaded both from the certificates list as well as from the installation page.
When downloading a certificate, you will receive a ZIP file containing the following items:
certificate.crt: This file contains your primary SSL certificate, ready to be installed on your server.
ca_bundle.crt: This file contains the intermediate certificate (ZeroSSL CA), which links your certificate to a trusted root certificate. By default, the downloaded bundle includes the intermediate certificate required for most server setups. If you choose the “Download with root CA certificates” option, the ca_bundle.crt file will include the full certificate chain, including the root certificate.
private.key: This file contains your private key, which will need to be uploaded to your server.
🔐 Encrypted downloads
- The ZIP file is encrypted using AES‑256
- The passphrase is generated locally in your browser, it is never sent to ZeroSSL servers
- The passphrase can be easily copied to your clipboard with a single click
We strongly recommend using this option to keep your private key secure.
Important:
Make sure to copy and store your passphrase securely before downloading. A new passphrase is created each time you download the ZIP file, so it is important to ensure that each passphrase is stored correctly and can be matched to the corresponding file. The passphrase cannot be recovered and is required to access the contents of the ZIP file.
⚠️ Downloading without encryption
You can choose to download your certificate without encryption, but this is not recommended.
There is an increased chance of key compromise for private keys which are managed and stored in plain text. They shall be treated as secrets and encryption is highly recommended as an additional layer of security. Only reveal them when needed and manage them securely (for instance in a widely recognized password management or similar tool).
Missing Private Key?
There are two main reasons why your downloaded certificate (.zip) folder might not contain a private.key file. To learn more, please read this article.
Note: If the ZIP file does not contain the private key the download action is triggered immediately without the encryption, because the download does not contain any sensitive data.
⚠️ Are you experiencing issues while downloading a Certificate?
Before contacting us please try the following three things:
- If the link is not working, please try using Incognito mode or a different Browser
- Visit this Troubleshooting article for further help!
- Please check for an ongoing service incident.