Skip to content

How to create the CNAME records for free SSL

To get a free SSL certificate from InfinityFree, you need to setup some DNS CNAME records on your domain name. This article describes how to do that.

Where do I set up the CNAME records?

The CNAME records should be set up with the DNS hosting provider of your domain name.

Most people will be using the InfinityFree nameservers ns1.epizy.com and ns2.epizy.com. This means you can add the records to the control panel of the hosting account hosting this domain name. The records can be added to the "CNAME Records" section.

If you are using InfinityFree nameservers, please make sure you are using ns1.epizy.com and ns2.epizy.com, not any byet.org nameservers. The byet.org nameservers have known issues which can cause random errors later on.

If your domain name is using different nameservers, you'll need to add the CNAME records to the nameservers of that provider. So, if your domain name is using Cloudflare nameservers, you need to setup the CNAME records at Cloudflare.

Which values do I need to add?

You can find the DNS CNAME records to add in the client area.

  1. Login to the client area.
  2. Go to the "Free SSL Certificates" section.
  3. Click the domain name for which you want to setup SSL. If you don't see your domain name in the list yet, you can also add it from this page.

What happens next depends on which SSL provider you're using.

If you're using Let's Encrypt:

  1. On the SSL domain main page, you'll see two CNAME records: one for _acme-challenge.example.com and one for _acme-challenge.www.example.com, each with their own Destination. These are the records you need to add.

If you're using GoGetSSL:

  1. Click the Request SSL Certificate button, or click the Pending certificate already there.
  2. On this page, you'll see one CNAME record, with a destination ending at comodoca.com. This is the CNAME record you need to add.

You should keep this browser tab open, because you'll need these records later.

Where can I configure my CNAME records?

The CNAME records should be set up with the DNS hosting provider of your domain name.

Most people will be using the InfinityFree nameservers ns1.epizy.com and ns2.epizy.com. This means you can add the records to the control panel of the hosting account hosting this domain name. The records can be added to the "CNAME Records" section.

If you are using InfinityFree nameservers, please make sure you are using ns1.epizy.com and ns2.epizy.com, not any byet.org nameservers. The byet.org nameservers have known issues which can cause random errors later on.

If you're using third party nameservers, like Cloudflare, you need to add the DNS records through the interface of your nameserver provider. Please check with your DNS provider to learn how to do this.

Custom CNAME records don't work with the control panel Cloudflare integration. The Cloudflare integration breaks custom DNS records, so you can't complete the verification while using it. You will need to disable the Cloudflare integration, and either use Cloudflare's nameservers, or not use Cloudflare at all.

How should I set up the CNAME records?

These instructions are for the CNAME Records section in the InfinityFree control panel. If you're using other nameservers, the instructions may be different.

In the CNAME Records section in the control panel, you will need to create the one or two CNAME records as shown in the client area.

For each of the CNAME records in the client area, do the following:

  1. Copy the value of the Record Name row, and paste it to the Record Name field in the control panel.
  2. Select the right domain name from the Domains dropdown in the control panel.
  3. Copy the value of the Destination row, and paste it to the Destination field in the control panel.
  4. Click the Add button.

Note about using subdomains

If you want to add SSL to a subdomain of your own domain, the information in the client area isn't entirely correct. The client area will say to select the subdomain (e.g. blog.example.com) but the control panel only shows the base domain (e.g. example.com).

So fix this, you can add the subdomain to the Record Name field. So if the client area says that the Record Name is _acme-challenge.www and the domain is blog.example.com, you can also create these with the record name _acme-challenge.www.blog and domain example.com.

I have added the CNAME records, what's next?

For now, you'll need to wait. DNS changes can take a while to take effect.

You can check the client area again in an hour. If you set the CNAME records correctly, it should say Ready next to Current Destination. If not, please go back and make sure you've set up your CNAME records correctly.

If the CNAME records show as Ready, you can now continue with the instructions in the client area.

  • For Let's Encrypt, you'll be able to click the Request SSL Certificate, which will start the process of creating the actual SSL certificate.
  • For GoGetSSL, the certificate will be requested automatically.

I've received my SSL certificate, should I delete the CNAME records?

You're always free to delete the CNAME records. Deleting the CNAME records will not break any SSL certificates that have already been issued.

If you're using Let's Encrypt, it's recommended to keep the CNAME record. That way, you don't have to set up the CNAME record again to renew your SSL certificate, which speeds up the process a lot.

If you're using GoGetSSL, you should delete the CNAME record. You'll always need to setup a different CNAME record for GoGetSSL, so there is no point in keeping them for an old certificate.