Let’s Encrypt is a nonprofit organization, on a mission to create a more secure and privacy respecting Web by promoting the widespread adoption of HTTPS.

Techlister.com creates a compressed zip folder (*.ssl.zip) which contains the private key and certificate bundle. Zip file is then encrypted with your public key, generated on your PC's browser and sent to us before you start the final validation of your domain. Zip file remains encrypted till you download it in the next step (after SSL has been successfully issued). When you click Download ssl.zip, server sends the encrypted zip and server's public key to your browser, your browser then decrypts the file and downloads it. The zip file is removed after you have downloaded it.

We use Ephemeral Elliptic Curve Diffie–Hellman (ECDH) Key Exchange, which means, both client and server generate new keys everytime SSL Certificate has been generated, and keys are discarded after download has been completed.

Without Server's Private Key or Your Private Key, no one can decrypt the final *.ssl.zip that contains the private.key, certificate.crt and ca_buncdle.crt

Techlister.com do not store your private keys or certificate bundles on its servers. Final *ssl.zip file that contains private.key, certificate.crt, ca_bundle.crt remains encrypted till you download the file and deleted once you have downloaded it.

Let's Encrypt certificates are valid for 90 days. You can read about why here.