Changes to SSL for free subdomains

We’ve made some exciting updates to how SSL certificates work for free subdomains on InfinityFree! These improvements simplify things for you and help us ensure our hosting platform remains fast and scalable.

Here’s what’s new:

SSL by Default for All Free Subdomains

Good news! Every free subdomain under our supported domain names now comes with SSL enabled automatically. No need to request, install, or renew certificates yourself - we’ve got it covered!

We’ve implemented a system-wide SSL certificate that secures all free subdomains out of the box. That means better security for your site with zero effort on your part!

Custom SSL Certificates No Longer Needed (or Supported)

Since all subdomains are now protected by our automatic system-wide certificate, there’s no need to install your own SSL certificates anymore.

To keep things running smoothly and avoid server congestion, we’ve disabled the ability to install custom SSL certificates on free subdomains.

Reminder: “www” Subdomains Are Not Covered

Due to the way wildcard SSL certificates work, subdomains like www.example.ct.ws are not covered by the system-wide SSL certificate. Only direct subdomains (e.g., example.ct.ws) are supported.

If your site uses a www. subdomain, we recommend switching to the non-www version to ensure your visitors stay protected with HTTPS.

Existing custom certificates for www subdomains will continue to work until they expire. After that, they cannot be renewed.

No More SSL for Sub-Subdomains (e.g., blog.example.ct.ws)

Sub-subdomains—domains that look like something.example.ct.ws - will no longer support SSL. These were never officially supported and were only possible due to a bug in our system.

That bug has now been fixed. Going forward, you’ll only be able to create regular subdomains, which are fully supported and automatically secured.

Self-Signed Certificates for All Other Domains

If your domain doesn’t have its own SSL certificate installed, it will now be automatically secured using a self-signed certificate.

This is especially helpful if you’re using Cloudflare with Full SSL mode - you no longer need to manually request and install a self-signed certificate from our client area. These certificates will be applied automatically behind the scenes.

As a result, the option to request self-signed certificates will soon be removed from the client area, since it’s no longer necessary.

It’s from Ifastnet i suppose! It’s working for all subdomains provided in vpanel.

nice, no need to re-new ssl every month

Does this mean that HTTPS is forced, too? I liked the idea of setting it myself lol.

No, HTTPS will not be enforced for any websites. Just like how having an SSL certificate doesn’t automatically force all traffic to HTTPS.

All this will do is make every free subdomain capable of using HTTPS, without having to request an install a certificate. Whether you want to use HTTPS is still up to you.

But of course, for security, you really should consider it!

It’s amazing to hear that I don’t have to issue SSL certificates for most of my sites every 75 Days! (or less)

Thing is, if I still want to install my own issued SSL certificate for my (rf.gd-based) subdomain, could I still do it normally or would some sort of SSL conflict happen?

How it’s setup right now is that the default wildcard certificate takes precedence over certificates you upload yourself. This is why the www subdomain issues happen.

But when that’s resolved, there should be no reason to have your own certificate, it’s a worse experience in every way. So we don’t want to waste our server power to obtain and install such certificates.

So all my domains are custom domains, not Infinity Free sub domains. Will I still be able to apply the SSL certificates the same way I do now? Or will I need to use Cloudflare’s tools to get SSL certificates?

So you can still use htaccess to redirect to http://

Yes, according to Admin you can still use .htaccess to redirect your domain to either http:// or https://

I’m not sure why this is happening but after this change happened, my cloudflare configuration no longer works. According to my cloudflare account I have been on Full SSL mode for 3 years without issue but today I am getting error 525 or SSL handshake failed. I’m sure this is related to this post because I tried with just the domain and no subdomain (https://dmalsan.com) and I’m still getting the same error. Hopefully this gets resolved soon or if anyone has any ideas I’m open for suggestions.

Unrelated, this change only affects free sudomains, not custom domains. Make sure your certificate on IF is not expired.

Okay so I am not the only one that’s getting the Cloudflare’s SSL 525 Handshake error on dedicated domain (dkb.si). I thought it was something from my side, but I guess its not. I hope devs can fix this ASAP. I have created a separate issue regarding this - Cloudflare is unable to establish an SSL connection to the origin server

Not unrelated, I also have my own domain using CloudFlare and my site has the SSL handshake failed Error code 525.

I think it affected the custom domains too. I am facing the same issue after this change on my (dkb.si) domain. I tried getting another certificate from CF (Google Trust) and its still giving the same 525 SSL Handshake error. I hope you guys can look into the issue.

Subdomains of subdomains don’t seem to have SSL anymore, even though they’re installed:

Screenshot_20250511-063741720×1650 82.5 KB

Is this related to the www issue?

Nothing has changed for custom domains. You can still request and install your own SSL certificates as usual.

Regarding everyone who has Cloudflare errors, I checked some of your domains and I see all of them either do not have an SSL certificate installed, or the installed SSL certificate has expired.

Looking at the number of reports, it might be possible that something went wrong on the hosting side resulting in the SSL certificate being removed or an old certificate being moved back in.

In any case, you can fix it yourself by simply reinstalling your latest SSL certificate.

Ah, yes, I still needed to test those, I had the suspicion that these domains would be overlooked since it’s technically not supposed to be possible to create such subdomains in the first place.

I’ll notify iFastNet about this.

Thanks
Just wanted to be 100% sure

I’ve discussed the SSL changes with iFastNet, and a few more changes have been made to address some of the most urgent issues. However, there are a few important changes going forward:

• It is no longer possible to setup custom SSL certificates for free subdomains. All subdomains are only handled by the system-wide wildcard certificates.
• www subdomains of free subdomains are not covered by this certificate, due to the limitations of wildcard certificates. That means the www subdomain of a free subdomain will not have SSL. If you are hosting your website on a www subdomain of a free subdomain now, you should move it to the subdomain itself to continue to use HTTPS.
  • As a transition measure, existing certificates will remain in use on the www subdomain so you can update your website without further downtime. However, when it expires, you will not be able to renew it.
• Subdomains of free subdomains will no longer have SSL. It was never supposed to be possible to create them, the only reason you could create them anyway was due to a bug in how new accounts were created. This bug has now been fixed, but we cannot make accommodations to keep existing sub-subdomains working under this new setup. If you are using a sub-subdomain now, please consider moving the website to a separate subdomain.

I have also updated the announcement to better convey the changes.