A lot of question here about getting free ssl and use it in infinityfree.
I add another !
my question is about certificate chain is incomplete.
Admin answered it somwhere in froum :
“You can ignore that error. Officially, you need to upload the .ca file as well, but you can’t do that on InfinityFree (only accounts on XVHOST support that). However, all modern browsers and devices will recognize it’s a valid certificate.”
but how we can ignore it when its make the certificate NOT TRUSTED ? byMozilla Apple Android Java Windows and updated operating systems!
let me translate Admins answer to you 
our dear Admin in infinityfree try to say
"My dear users I did my job in best to block any kind of free ssl , please understand and upgrade your account!
unfortunately I fall in love with my subdomain in infinityfree 
…
I’m sorry, but on which domain name did you see the SSL certificate with certificate chain, and which version of which browser on which device running which operating system did not accept this certificate? You say it’s the lack of a CA chain is causing trouble, but I’ve never seen any device where that really was the case.
This “issue” affects all SSL certificates of all vendors at all price points. This has absolutely nothing to do with blocking free SSL certificates. You can still upload Let’s Encrypt certificates and Comodo trial certificates without any problems, despite the fact that blocking them would be trivial.
There are many discussions here about importance of certificate chain and your response was the same all time , “most modern browsers trust cert without chain!”
see here please:
https://community.qualys.com/docs/DOC-1931
getting free Let’s Encrypt here absolutely impossible for infinityfree’s subdomains because no validation available here with Let’s Encrypt’s validation options! another note about Let’s Encrypt cert 4 files :
cert.pem that is the certificate for your domain
privkey.pem that is the private key
chain.pem that is the Let’s Encrypt intermediate certificate
fullchain.pem that is a combination of cert.pem + chain.pem
here you say only paste the content of cert file in certificate field . there is no other options for pasting other info if needed like chain.
Again: on which certificate on which domain do you see this problem? How does sharing a link saying an SSL checker also validates chains confirm that chains are required for an SSL certificate to be accepted?
Can you share a real example, rather than just background information?
There are people here who have managed to get Let’s Encrypt certificates through workarounds. They have been able to install it on their website, and their websites have green locks in the address bar because of their Let’s Encrypt certificates.
Let’s Encrypt doesn’t offer a validation method which works with our hosting. If the had offered CNAME validation or email validation, you could easily have issued a Let’s Encrypt certificate.
It’s a compatibility issue. We have not explicitly blocked Let’s Encrypt and Let’s Encrypt has not explicitly blocked InfinityFree. But that doesn’t mean you can use both of them together easily.
its not good I publish my infinityfree subdomain in forum also I don’t want, if you can let me send my subdomain with certificate problem to you .
can someone show us or guide how they have received their Let’s Encrypt certificates with infinityfree subdomain in free accounts? with which tricks? and how they install it in cpanel ssl/tls? why we haven’t a step by step guidance here to solve this problem forever ?
it’s obvious about validation problem ! but as you know you must used some scripts to reissue your Let’s Encrypt certificate automatically… and as I know there is no scripts for reissue it automatically by validations methods you mention above!
I sent you a PM you should be able to reply to.
The workaround involves using third party nameservers and/or Cloudflare, neither of which are possible on subdomains, only on custom domains. Cloudflare refuses to provide their services for subdomains, and we don’t let people change the nameservers of free subdomains.
So you may think “ah-ha, so you are blocking things to prevent us from using Let’s Encrypt!”.
But Let’s Encrypt has hard limits on how many certificates can be issued per registered domain. They won’t issue more than 50 certificates per week for epizy.com or rf.gd, so it’s impossible for everyone with a free subdomain to get their own SSL certificate.
Our goal is to solve this problem forever by automatically issuing and installing free SSL certificates on all free hosting websites with any domain. But we can’t do that yet because of a few technical challenges which we need to overcome before we can give every website HTTPS.
Saving you the technical details, doing so now would completely wreck the free hosting system and all domains on it. Which is why we cannot provide support for free SSL yet.
There are work arounds to get Let’sEncrypt certificates with InfinityFree, but it only works on TLD domains that you own. Sub domains simply won’t work with it.
thanks for great support , I answered .
I understand ,however we could test our chance but in this situation, no chance .
in one word . there is no option for getting free ssl for free subdomains.
thanks for reply , I know about that.
I saw the URL. It does appear that SSL certificates from SSL.com are not accepted by browsers. Certificates from Let’s Encrypt and Comodo don’t have this problem, but certificates from SSL.com do. I stand corrected.
Unfortunately, in practice this means that certificates from SSL.com cannot be used on free hosting. A new SSL system is being worked on which should remove this problem. But until then, I’m afraid you would have to upgrade your account to use certificates from this vendor.
If we could paste the content of certificate chain (ca-bundle) under the certificate codes I think this problem was solved but unfortunately there is another limitation… the system shows"It appears this certificate is in pem format / requires intermediates to function, this is not supported on free hosting."
Yes, that is the error message you see when you try to upload the domain certificate with the CA chain. Which isn’t necessary most of the time, but as we’ve seen here, there are exceptions.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.