SSL CDN: Free Custom SSL for your CDN

custom cdn ssl

HTTPS ensures secure communication over the Internet. We offer three options when it comes to an SSL CDN: Shared SSL, Custom SSL with your own certificate, and custom SSL with Let’s Encrypt. All methods offer the same security standard and come for free! Yes, even Custom SSL comes for free if you bring your own certificate.

Shared SSL CDN

Shared SSL is ideal to get started within minutes. You only need to enable the option in the dashboard and you’re ready to go. Simply use HTTPS when you request files from our CDN.

Why You Need a Custom?

Custom SSL only makes sense if you use CNAMES (Zonealiases). It’s a convenient way to use CNAME in combination with SSL. Using a zonealias and or custom CDN URL can be benefical for both branding and SEO.

Custom SSL with Certificate

You can either send us your existing certificate or we can issue a certificate. Custom SSL is completely free if you bring your own certificate! Other CDNs charge as much as $7200/year for Custom SSL. Beside a normal certificate, you can also send us wildcard or SAN certificates. In this case you can maintain several CNAMEs if your certificate supports it. Make sure that you update your DNS before you start using your CNAMEs. Our Custom SSL is based on SNI.

Custom SSL with Let’s Encrypt Integration

KeyCDN also has an integration with Let’s Encrypt in which you can use custom SSL for free. It offers domain validated certificates. To enable follow the steps below.

  1. Navigate to your zone’s advanced settings in the KeyCDN dashboard by going to Zones → Manage → Edit → and select Show Advanced Features. 
    free ssl cdn
  2. Scroll down to the SSL section and from the drop-down list select the LetsEncrypt option. 
    cdn ssl Let's Encrypt

Overview of SSL CDN certificates

Deployment Instantly available Deployment within a day Instantly available
Validity Valid for one zone Valid for one or more CNAMEs Valid for one zone
Action steps on your side None Send us your certificate if you want to use your own.Update your DNS! None
Cost Free Free of charge if you bring your certificate! Free

In case you bring your own certificate, please make sure it’s valid for at least one year. You can easily check the validity of your certificate with the following command on a unix machine:

openssl x509 -in certificate.crt -text -noout

Alternatively you can check the expiry date of your custom certificate on a site like Certificate Decoder.

Shared SSL is good enough in most cases but as soon as CNAMEs come into play you might consider a Custom SSL CDN. We’re happy to support you during the setup. Let us know if you have questions!

Related Articles

SSL CDN: Free Custom SSL for your CDN was last modified: March 1st, 2017 by Jonas Krummenacher
  • Olivier L.

    Incredible. KeyCDN offers a SSL certificate for nothing ($0) while the other competitors sell it for hundreds dollar!

    • Jonas Krummenacher

      True! The CDN landscape has changed quite a lot in recent years and some CDNs are still charging the same SSL fees.

  • Could you clarify as to the benefit/need for creating a subdomain/cname solely for the purpose of the Custom SSL? My website doesn’t otherwise use a subdomain, and I am unclear as to when to use and when to use Thanks!

  • Robin Willson

    Hi, KeyCDN, I am still confusing.
    Let’s say I have a SSL point to one domain, is certified.
    And I put all my content under the main domain,
    I want to publish my link as
    Then which type SSL do you recommend me to use?

    • Let me make sure I understand this correctly. Your domain is and you have SSL with your web host installed on it. Then you want to add a CDN with Correct? If so, you can use two options. Custom SSL, or Let’s Encrypt to get SSL up and running on your CDN zone URL. *I would recommend Let’s Encrypt* since it is a one click install and free. You can’t use shared because that doesn’t support a custom CDN URL. And remember that custom requires you to purchase an SSL cert and upload it to the dashboard. Hopefully that helps!

      • Robin Willson

        Get it, Thanks.

      • Robin Willson

        Further question,,
        My domain is using SSL from namecheap.
        And I use Let’s Encrypt SSL in KeyCDN, It now has problem loading CSS file.
        Should I also change my domain’s SSL as Let’s Encrypt?

  • Lets encrypt:

    Has anyone else had this problem?

  • GishanNet

    This is incredible news. How is this even possible?
    The question is “Is this only SNI” ?
    Else do you assign a dedicated IP from each POP for the certificate ?

    • The custom SSL is based on SNI.

  • Hepsu

    I know this is an old post, but is the LE still in beta? So having LE with,, and, is not an option?
    What is the 29 dollar/year certificate that is mentioned in the text? There is no information about it elsewhere.
    If my site uses different certificate than CDN, will they clash?

  • Correct, having multiple subdomains served over Let’s Encrypt SSL isn’t an option yet, however it’s still on our roadmap. The $29/year section was some old information that I have now updated. Essentially you just need to bring your own certificate if you choose custom SSL. Lastly, no the certificates won’t clash if they are different just make sure each certificate is associated to the proper domain.

    • Hepsu

      One question more… If I would order a cheap certificate, e.g. Comodo PositiveSSL, like in this example:
      would one certificate cover my all three zonealiases, or would I need one certificate for each?

      • You would need a certificate where you could define multiple subdomains that it would be valid for. Alternatively, you could also purchase a wildcard certificate.

  • Angelo Lazaro

    Hi, I’m sorry for maybe somewhat noobish questions but I’m curious what are the benefits of having custom ssl does it matter if you already have an EV SSL on your domain? Thanks!

    • Having custom SSL allows you to define and deliver assets using a CNAME such as, instead of just the default Zone URL. If you are planning on implementing custom SSL, you must ensure that your certificate is valid for the subdomain you want to define. You can also achieve this with the Let’s Encrypt option so that you aren’t required to purchase a new certificate.

      The bottom of this post also outlines the advantages of using a Zonealias

Share This