GetHTTPS and ZeroSSL both offer free SSL certificates through a web interface — no command-line tools needed. But they differ in critical ways: free tier limits, how your private key is handled, and wildcard support. This guide breaks down the differences.
Quick comparison
| Feature | GetHTTPS | ZeroSSL |
|---|---|---|
| Free certificates | Unlimited | 3 (then $10/month+) |
| Certificate Authority | Let’s Encrypt | Sectigo (ZeroSSL CA) |
| Wildcard support | ✅ Free (DNS-01) | ❌ Paid only |
| Private key generation | In your browser (Web Crypto API) | Dashboard: on their server; ACME: local |
| Account required | No | Yes (email) |
| ACME protocol | Built-in (browser-based) | Yes (separate endpoint) |
| REST API | No | Yes (paid plans) |
| Certificate validity | 90 days | 90 days (free) / 1 year (paid) |
| Multi-domain (SAN) | ✅ | ✅ |
| Pre-check verification | ✅ | ❌ |
| Open source | No | No |
| Challenge types | HTTP-01, DNS-01 | HTTP, DNS, Email |
| Proxy/middleware | None | None (ACME) / Yes (dashboard) |
When to use GetHTTPS
You need more than 3 free certificates
ZeroSSL’s free tier is limited to 3 certificates. After that, you need a paid plan starting at $10/month. GetHTTPS has no such limit — you can issue as many certificates as Let’s Encrypt allows (50 per domain per week, which is more than enough for any use case).
You need a free wildcard certificate
ZeroSSL restricts wildcard certificates to paid plans. GetHTTPS supports wildcard certificates for free via DNS-01 challenge — the same capability that Certbot offers.
You want your private key to stay in your browser
When you use ZeroSSL’s web dashboard, the private key generation may happen on ZeroSSL’s server. They send you the key — but they’ve had access to it. With GetHTTPS, the key is generated in your browser using the Web Crypto API and never leaves your device.
You don’t want to create an account
GetHTTPS requires no account, no email, no registration. ZeroSSL requires email signup.
You want pre-check verification
GetHTTPS verifies your challenge configuration from the public internet before submitting to the CA. This catches configuration errors early. ZeroSSL doesn’t offer this.
When to use ZeroSSL
You want a REST API for automation
ZeroSSL offers a REST API for certificate lifecycle management — issuance, renewal, and revocation via HTTP calls. This is useful for platforms that need programmatic certificate management. GetHTTPS is browser-based and doesn’t expose an API.
You prefer email validation
ZeroSSL supports email-based domain validation — you receive an email at admin@yourdomain.com and click a link. This doesn’t require any server access or DNS changes. GetHTTPS only supports HTTP-01 and DNS-01 challenges.
You need 1-year certificates
ZeroSSL’s paid plans offer certificates with 1-year validity, reducing renewal frequency. Let’s Encrypt (and therefore GetHTTPS) only issues 90-day certificates.
Privacy comparison
| Aspect | GetHTTPS | ZeroSSL (web dashboard) | ZeroSSL (ACME) |
|---|---|---|---|
| Private key generation | Browser (Web Crypto) | ⚠️ Server-side | ✅ Local |
| Account data | None | Email required | Email required |
| Parent company | Independent | Sectigo (commercial CA) | Sectigo |
| Data retention | None | Per privacy policy | Per privacy policy |
If you use ZeroSSL’s ACME endpoint with a local client like Certbot or acme.sh, the private key stays local. The privacy concern only applies to their web dashboard.
The verdict
| Your situation | Use |
|---|---|
| Need >3 free certs | GetHTTPS |
| Need free wildcard | GetHTTPS |
| Care about private key privacy | GetHTTPS |
| Need REST API automation | ZeroSSL (paid) |
| Want email validation | ZeroSSL |
| Want no-account simplicity | GetHTTPS |
For most individual developers and small teams, GetHTTPS is the better free option — no limits, no account, and better privacy. ZeroSSL makes more sense if you need their REST API or email validation and are willing to pay for a plan.
ZeroSSL pricing reality
ZeroSSL’s free tier sounds generous until you hit the limits:
| Plan | Free | Basic ($10/mo) | Premium ($50/mo) | Business ($100/mo) |
|---|---|---|---|---|
| 90-day certs | 3 | Unlimited | Unlimited | Unlimited |
| 1-year certs | 0 | 3 | Unlimited | Unlimited |
| Wildcard | ❌ | ❌ | ✅ | ✅ |
| Multi-domain | ❌ | ❌ | ✅ | ✅ |
| REST API | ❌ | ✅ | ✅ | ✅ |
| ACME access | ✅ | ✅ | ✅ | ✅ |
With GetHTTPS + Let’s Encrypt: all of the above is $0, including unlimited certificates, wildcard, and multi-domain.
ZeroSSL’s ownership chain
Understanding who owns ZeroSSL matters for evaluating trust:
- ZeroSSL — originally an independent startup
- Acquired by Sectigo (formerly Comodo CA) — one of the largest commercial CAs
- acme.sh — the popular open-source ACME client is now “officially maintained by ZeroSSL” (changed default CA from Let’s Encrypt to ZeroSSL in 2021)
Sectigo sells paid certificates. ZeroSSL’s free tier is a funnel to paid plans — the 3-certificate limit exists to drive conversions, not for any technical reason. Let’s Encrypt, as a nonprofit, has no such incentive.
Workflow comparison
Getting a certificate with GetHTTPS
- Open gethttps.com/app/setup
- Enter domain(s) — no account, no email
- Complete HTTP-01 or DNS-01 challenge
- Pre-check validates before submitting to Let’s Encrypt
- Download PEM files
Time: 3-5 minutes. Account needed: No.
Getting a certificate with ZeroSSL (web dashboard)
- Go to zerossl.com → Sign Up (email required)
- Verify email
- Enter domain(s)
- Choose validation method (HTTP, DNS, or Email)
- Complete validation
- Download certificate + key
Time: 5-10 minutes. Account needed: Yes (email).
Key difference: ZeroSSL’s dashboard may generate the private key on their server. You receive the key — but they’ve had access to it. With GetHTTPS, the key is generated in your browser and never leaves your device.
Frequently asked questions
Is ZeroSSL really free?
ZeroSSL’s free tier gives you 3 certificates with 90-day validity. After that, you need a paid plan starting at $10/month. GetHTTPS and Let’s Encrypt have no such limits — unlimited certificates forever.
Are ZeroSSL certificates trusted by browsers?
Yes. ZeroSSL certificates are issued by Sectigo (formerly Comodo), trusted by all major browsers. Let’s Encrypt certificates (used by GetHTTPS) are equally trusted.
Can I switch from ZeroSSL to GetHTTPS?
Yes. Generate a new certificate with GetHTTPS for the same domain and replace the files on your server. No migration needed.
Is ZeroSSL’s ACME endpoint the same as their web dashboard?
No. ZeroSSL’s ACME endpoint (used with Certbot/acme.sh) keeps the private key local — same as any ACME client. The privacy concern is specific to their web dashboard, which may generate keys server-side.
Why did acme.sh switch its default CA to ZeroSSL?
In 2021, acme.sh changed its default CA from Let’s Encrypt to ZeroSSL as part of a commercial partnership (ZeroSSL/Sectigo now sponsors acme.sh development). You can still use acme.sh with Let’s Encrypt by adding --server letsencrypt.
Can I switch from ZeroSSL to GetHTTPS?
Yes. Simply generate a new certificate with GetHTTPS for the same domain and replace the files on your server. No migration needed — you’re just replacing one PEM file with another.