GENERAL
EasySSL.us is an online service that automates SSL certificate application and renewal, so you have no manual steps to handle and no software to install on your server.
Once you have configured your account, which is pretty simple, the system will create the certificate request, handle the challenge, upload the certificate directly to your server, and renew it when the time comes.
Other solutions rely on you installing specific software or add-ons on your server. This can be cumbersome, especially if you have to handle multiple sites. If you change hosting or upgrade your system, you may have to reinstall and reconfigure it all, but with easyssl.us you won't need to. It's easier, and you can manage all your certificates in a single place.
Currently we only support Let's Encrypt, but since our system is fully ACME compliant we will add other CAs very soon. In fact, you may already be able to enter the URL of any CA and try it, but we have only tested with Let's Encrypt.
The first time, just provide the information for the certificate and, for automation, the FTP details needed to upload it. After that, everything runs by itself.
ACCOUNT
A valid email address and a password of your choice. You may then provide further details within your account if you wish.
Yes, we take the necessary steps to ensure your data stays safe, and we don't share your data with any third party.
We may in the future offer paid features and premium accounts. Your free account, however, will remain free to use.
Yes, we provide support for easyssl.us for free too. We will try to address your concerns as soon as we are available.
You may close your account at any time from your dashboard. However, all your data with us will be lost.
It's a unique ID that identifies your account. It can be found in your online account, under the 'details' menu.
CERTIFICATE APPLICATION
In order to apply for an SSL certificate, the relevant authority will request some information (e.g. domain name) and will want to verify that you actually own the domain you are requesting an SSL certificate for. The verification part is called the "challenge". Once the challenge is successful, the authority will deliver the certificate.
We currently handle HTTP and DNS challenges, which are appropriate for most uses. We may provide other challenge types in the future if required.
The authority decides which challenge it lets you use for each certificate request. Generally speaking, for a single domain you will have the choice between HTTP and DNS, but for a multiple or wildcard domain request you will need to use DNS.
With the HTTP challenge, the authority requests that a specific, uniquely generated file be reachable on your web site to prove you own the domain. If the authority can reach that file, it assumes you own the domain and will issue your SSL certificate.
With the DNS challenge, the authority requests that you set up a specific DNS record. The authority will then issue a DNS query, and if it returns the relevant record the authority will assume you own the domain and issue your SSL certificate.
Nope, this is where our automation is handy. The file will be generated exactly as the authority requests and uploaded to your web site using the FTP account you have linked to that certificate record with us.
Nope, this is where our automation is handy too. You set up your DNS record only once to redirect to ours, and we will return properly updated content on your domain's behalf each time the authority requests it.
CERTIFICATE RENEWAL
The process is pretty much the same as the application. However, by relying on our automation you won't have to do anything. Our system will reuse the information you provided the first time.
Once the first certificate for a given domain has been applied for and successfully retrieved, we know its duration and thus the necessary renewal date.
Usually 3 days prior to the renewal date. This is to ensure you can take proper action if anything fails, for example if the FTP account you provided is no longer valid, or you changed server but forgot to update the details in your account.
FTP
Nope, but in order for the system to automatically upload files (HTTP challenge, certificate) to your server, it needs FTP access. Later we will likely provide other means (e.g. SSH), but for now we only use FTP and explicit FTPS.
At least one FTP user (server IP, server port, username, password) on the server where the file upload should take place. You may register more FTP users with our system, to use as you need.
You may restrict the FTP user's access to, and only to, the target folder. easyssl.us will then only be able to upload files to that directory, so it is not possible for us, even if we wanted to, to mess with your server.
For the HTTP challenge, this is generally the folder .well-known/acme-challenge/ within your web site root. For the certificate upload, it depends on which web server you use. For Apache the folder is generally etc/certs/your-domain/.
Yes. First, you can set a specific path for the FTP user you register with us. Second, you can provide a specific path to add to that FTP user record with us at runtime. That leaves you endless combinations.
Yes, of course. On your server or in your easyssl.us account. However, to automate the upload our system needs a working FTP account.
DNS
Not if you intend to use the HTTP challenge only. But for multiple/wildcard domain certificates our system will switch to the DNS challenge.
You only redirect the single record relevant to the challenge, nothing else, so your domain's other DNS records remain untouched and will not be impacted.
Let's say your domain is 'mydomain.com'. The authority will check for a DNS record '_acme-challenge.mydomain.com'. So you create a CNAME record for '_acme-challenge.mydomain.com' and have it point to 'mydomain.com.uxxxx.validation.easyssl.us', where xxxx is your user ID at easyssl.us.
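An added example (not EasySSL.us code) that audits a zone export against the CNAME pattern above: the challenge record must exist, carry your own user ID, sit alone at its name, and be the only name delegated. The user ID 1234, the records and the function names are constructed, and treating a wildcard as its base domain is an assumption.

```python
VALIDATION_ZONE = "validation.easyssl.us"   # suffix taken from the FAQ text
CHALLENGE_LABEL = "_acme-challenge"

def norm(name: str) -> str:
    """Compare DNS names case-insensitively and without the trailing dot."""
    return name.strip().rstrip(".").lower()

def expected_cname(domain: str, user_id: str):
    """Return (owner name, target) following the pattern described above."""
    base = norm(domain)
    if base.startswith("*."):
        base = base[2:]   # assumption: a wildcard uses the base domain's record
    return f"{CHALLENGE_LABEL}.{base}", f"{base}.u{user_id}.{VALIDATION_ZONE}"

def audit_delegation(records, domain: str, user_id: str):
    """records: (name, type, value) tuples from a zone export. Returns findings."""
    owner, target = expected_cname(domain, user_id)
    at_owner = [(t.upper(), norm(v)) for n, t, v in records if norm(n) == owner]
    cnames = [v for t, v in at_owner if t == "CNAME"]
    findings = []
    if not cnames:
        findings.append(f"missing: {owner} CNAME {target}")
    elif cnames != [target]:
        # A different user ID here hands validation of the domain to that account.
        findings.append(f"wrong target: {owner} -> {cnames}, expected {target}")
    if cnames and len(at_owner) > len(cnames):
        # A CNAME may not share its name with other records (RFC 1034), so a
        # TXT left over from a manual challenge has to be removed.
        findings.append(f"conflict: {owner} has other records beside the CNAME")
    for n, t, v in records:
        points_out = norm(v).endswith("." + VALIDATION_ZONE)
        if points_out and not norm(n).startswith(CHALLENGE_LABEL + "."):
            findings.append(f"over-broad: {norm(n)} is delegated to {VALIDATION_ZONE}")
    return findings

# Constructed zone export; user ID 1234 and the address are sample values.
SAMPLE_ZONE = [
    ("mydomain.com.", "A", "192.0.2.10"),
    ("www.mydomain.com.", "CNAME", "mydomain.com."),
    ("_acme-challenge.mydomain.com.", "CNAME",
     "mydomain.com.u1234.validation.easyssl.us."),
]
```

An empty result from `audit_delegation(SAMPLE_ZONE, "mydomain.com", "1234")` means only the challenge name is delegated and it points at your own account.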
AUTOMATION
Based on the information you provide on the 'create certificate' form within your account, we will generate the CSR and key pair, submit the request to the Certificate Authority (CA), retrieve the challenge data, generate the challenge file (HTTP challenge) and upload it to your server, trigger the challenge check with the authority, retrieve the certificate from the authority once it is ready, and upload it to your server. Then, at renewal time, we will reuse the information you initially provided and handle the renewal, which is typically the same process.
You can simply tell us the domain name on the form. From there, we will handle all the technical steps, and your certificate will be delivered to your server initially and at each renewal.
For the certificate itself, nothing. However, you may have to configure SSL for that domain on your web server.