Your Private Keys Never Leave Your Browser - We Collect ZERO Data
100% Client-Side Security & Privacy: Your private keys are generated entirely in your browser using Web Crypto API. They are NEVER transmitted to our server or any third-party server. We act as a pure proxy - we don't collect, log, or store your private keys, email, domains, or any personal data.
Security & Privacy - Complete Transparency
How FreeSSL protects your private keys and ensures complete security
Our Security Promise
Using Web Crypto API - never on our server
From Let's Encrypt to your browser - we never intercept
We don't collect email, domains, or any personal data - pure proxy only
You can inspect our code - nothing hidden
How FreeSSL Works - Complete Technical Flow
Understanding exactly what happens to your private keys at each step helps you make an informed decision. Here's the complete, transparent process:
Account Key Generation (Your Browser)
When you click "Register," your browser generates an account keypair using window.crypto.subtle.generateKey().
✓ Sent to server: Public key ONLY (used for Let's Encrypt registration)
✗ Never sent: Private account key stays in browser
Server Role: Pure Proxy - Zero Data Storage
Our server is a pure proxy that forwards requests between your browser and Let's Encrypt. We act as a middleman for technical reasons (browser limitations with ACME protocol).
- Forward email & domains to Let's Encrypt (required by ACME protocol)
- Forward signed requests (signed with your private key in browser)
- Return Let's Encrypt's responses back to your browser
- Verify DNS records via Google Public DNS (to check TXT records)
⚡ Temporary only: Data flows through during session - instantly forwarded to Let's Encrypt
✓ Zero storage: We don't save, log, or store email, domains, or any data
✗ Never see: Private keys (they NEVER leave your browser)
Certificate Private Key Generation (Your Browser)
When creating your certificate order, your browser generates a NEW keypair for the certificate itself.
✓ What we receive: CSR (Certificate Signing Request) with public key
✗ Private key: Remains in your browser, never transmitted anywhere
Certificate Issuance (Let's Encrypt → Your Browser)
After DNS verification, Let's Encrypt issues your certificate:
Certificate (public): Passes through our server → Delivered to your browser
Private key: Already in your browser, never transmitted
Download & Use (100% Client-Side)
You download both files directly from your browser's memory:
- certificate.crt - Public certificate (received from Let's Encrypt)
- private.key - Private key (generated & stored in your browser only)
Blob and URL.createObjectURL()✓ Files created: In your browser's memory, then saved to your computer
✓ Server involvement: ZERO - Pure client-side download
Visual Data Flow
Verify It Yourself - Inspect Our Code
Don't just trust us - verify it yourself! Open your browser's Developer Tools (F12) and:
Watch all API requests. You'll see we only send public data (CSR, domain names, signed requests). Private keys are never in any network request.
Search our JavaScript code for crypto.subtle.generateKey. You'll see keys are generated client-side.
Find the download functions. You'll see we use Blob and createObjectURL - pure client-side downloads.
We log all operations to console for transparency. You'll see exactly what happens at each step.
FreeSSL vs Other Methods
| Method | Private Key Location | Security Level |
|---|---|---|
| FreeSSL (This Tool) | Your browser only | HIGHEST |
| Certbot (Command Line) | Your server | High |
| Server-Side Generators | Third-party server | Medium |
| Online Generators (Server-Side) | Provider's server | LOW |
Security FAQs
Q: Can you see my private keys?
No. Private keys are generated in your browser using Web Crypto API and never leave your device. They're never transmitted to our server or any other server.
Q: Do you log or store certificates?
No. Certificates are delivered directly from Let's Encrypt to your browser through our proxy. We don't log, store, or have access to your certificates or keys.
Q: What data do you collect?
We collect NOTHING. Your email and domain names are sent directly from your browser to Let's Encrypt's API (they require this for registration). Our server only acts as a proxy - we don't collect, log, or store your email, domains, or any personal information.
Q: Where does my email and domain information go?
Your email and domains go directly to Let's Encrypt through our proxy. Think of us as a secure tunnel - data passes through but we don't read, store, or log it. Let's Encrypt requires this information for certificate issuance and expiration notifications.
Q: How can I verify this claim?
Open your browser's Developer Tools (F12) and check the Network tab. Monitor all requests and you'll see that private keys are never transmitted. You can also inspect our JavaScript code.
Q: Is this safer than other online generators?
Yes. Most online generators create keys on their servers. FreeSSL generates keys entirely in your browser, making it one of the safest ways to get free SSL certificates online.
Why You Can Trust FreeSSL
Still have questions? Contact us
Step 1: Account Setup
Register with Let's Encrypt to begin generating your free SSL certificate
Your email will be used for important certificate expiration notices and account recovery. We recommend using staging mode for testing to avoid rate limits.
Recommended for testing. Staging certificates won't be trusted by browsers but help you avoid production rate limits.
Step 2: Domain Configuration
Specify the domains you want to secure with an SSL certificate
- Enter one domain per line
- Use *.example.com for wildcard certificates
- Maximum 100 domains per certificate
Examples: example.com, www.example.com, *.example.com (wildcard)
Step 3: DNS Verification
Add the following DNS TXT records to verify domain ownership
Step 4: Certificate Issuance
Finalize and download your SSL certificate
Your SSL certificate has been generated successfully. Download your files below.
Keep your private key secure and never share it. Install both files on your web server to enable HTTPS.
Processing...
This may take a few moments