Skip to content

Frequently Asked Questions

How fast is SSLMate?

Really fast. In nearly all cases, it takes less than a minute from the time you order a certificate to the time you have both a key and certificate file sitting on your filesystem.

What platforms does SSLMate support?

The key and certificates generated by SSLMate can be used with any server platform, and work in any modern web browser.

The sslmate command line tool is officially supported on several popular Linux distros and macOS and can also run anywhere that has a Perl interpreter and OpenSSL. See our install page for more information.

If you can't run the sslmate command line tool, you can order a certificate from your web browser instead.

Do you support wildcard certificates?

Yes! When ordering your certificate, put *. before your domain name, like this: *

Do you support multiple hostname/domain (aka SAN/UCC) certs?

Yes! When ordering your certificate, specify multiple hostnames or wildcard domains on the command line to sslmate buy, like this:

sslmate buy "*"

See Certificate Pricing for more information about how certificates with multiple hostnames are priced.

Will a certificate for also work for

It will if you want to! Just specify both names when ordering a certificate. There is no extra charge for doing so.

What types of payment do you accept?

We accept the following credit/debit cards: Visa, MasterCard, American Express, JCB, Discover, and Diners Club.

We do not accept PayPal or Bitcoin. SSLMate is all about automation, and PayPal and Bitcoin require manual steps for every payment.

How do you use my credit card number?

We ask for your credit card number when signing up so we don't have to ask for it every time you buy a certificate. Rest assured, we do not charge your credit card until you actually purchase a certificate.

Keeping your credit card on file also lets your certificates automatically renew, ensuring that you never let a site go down because you forgot to renew a certificate. Auto-renewal is easy to disable if you don't want it, and we always send an email one week before charging your credit card in case you don't need the certificate anymore.

Note that we don't store your credit card number directly; our payment processor, Stripe, does.

What's your refund policy?

Please see our Refund Policy.

What browsers do your certificates work with?

Any modern browser. SSLMate's certificates have been tested successfully in browsers as old as IE6 on Windows XP SP3.

What kinds of certificates do you issue?

Our SSLMate Basic service issues PositiveSSL certificates from Sectigo (formerly known as Comodo Certification Authority).

Our SSLMate for SaaS service issues Let's Encrypt certificates.

SSLMate may use different certificate authorities in the future. Unlike other SSL certificate vendors who present you with a confusing choice of five or more different brands, SSLMate tracks the industry closely and only offers certificates from the very best.

What's the approval process for getting a certificate?

See our approval documentation.

What can I do if I don't receive the approval email?

First, please be sure to double-check your spam folder.

Next, you can try resending the approval email using the sslmate retry-approval HOSTNAME command. You can also try resending the approval email to a different address using the sslmate edit command as follows: sslmate edit HOSTNAME --email=ADDRESS. (ADDRESS must be one of the acceptable addresses listed when you run sslmate buy).

If you're still having problems, you can get in touch with support.

Do you sell Extended Validation (EV) or Organization Validation (OV) certs?

No. EV/OV certs provide no additional security over DV certs and as of 2020 are not displayed any differently by Chrome, Firefox, or Safari. Their main distinguishing features are that they are more expensive, take longer to issue, and can't be automated.

How many servers can I install my SSLMate certificate on?

Any number. SSLMate certificates come with an unlimited server license.

Do you sell multi-year certificates?

No. As of 2020, multi-year certificates are forbidden by industry regulations. Fortunately, SSLMate automates the renewal process so that yearly renewals are extremely easy.

Where is my private key generated and stored?

Your private key is generated exclusively on your system and is never transmitted to or stored by SSLMate. The sslmate command line program is open source and can be audited to verify that this is true.

What size key does sslmate generate?

The sslmate command generates a 2048 bit RSA key. This is widely considered the best size for SSL: 1024 bit keys are inadequately secure, and 4096 bit keys slow down browser connections without providing an appreciable security gain.

Does SSLMate support elliptic curve (ECDSA) certificates?

Yes. Pass the --key-type=ecdsa option to sslmate buy to generate an ECDSA key. The resulting certificate will be signed with ECDSA.

Note that while ECDSA is faster than RSA, it is supported by fewer clients. If support for IE 8 on Windows XP, Android 2.3, or Java 6 is important, do not use ECDSA. If in doubt, do not use ECDSA.

SSLMate generates a key on the NIST P-256 curve (aka prime256v1 or secp256r1).