DNS SSL Technology

Adding SSL to your GoDaddy Site for Free

Security is important, and web browser makers are making SSL pretty much mandatory. If you purchase a ssl cert you will be spending some coin, plus IMHO it is more complicated that doing it for free.

I will show you how I setup my GoDaddy sites with SSL certificates using and DoDaddy DNS.


  1. DNS Hosting on GoDaddy
  2. Web Sites Hosted on GoDaddy

Tools You May Use

  1. web site Please donate for the free service relative to your income. It keeps these type of services affordable for everyone.
  2. Web site
  3. Web site
  4. Web site
  5. Command or terminal prompt with nslookup

Step 1

Log into GoDaddy and click on DNS >> Manage Zones

Type in your domain name you want to add SSL to

look for existing TXT records that are named _acme-challenge and you see any delete them

Next, go to the web site and enter that same domain name without the www in it, click “Create Free SSL Certificates”

You will have three options, choose the Manual Verification DNS option.

Then click “Manually Verify Domain” button

  • Add a TXT record
  • Copy form sslforfree the host _acme.challenge and paste into host field of GoDaddy TXT record
  • Copy the value and paste into GoDaddy TXT Value field
  • Change the GoDaddy TTL to Custom and the Seconds to 600. that is the lowest GoDaddy allows.
  • Do the same fo the www record also. It will be identical to the first one but the _acme-challenge will have .www in it also
  • No open each sslForFree verify links in a new browser tab. Normally DNS record updates are available within 60 seconds or less. You should see something like the below. Key on the first sentance “TXT Record(s) Found.” if you see that you are good.

If you do NOT see that but rather see the below error, Go To Troubleshooting below.

No TXT Record Found. Make to set the TTL to 1 second or if you cannot set the TTL then you must wait the TTL (in seconds) so it updates before verifying the domain. Contact your DNS provider if unsure.

Assuming your DNS TXT records checked out, you can now click the button “Download SSL Certificate”. This will generate the certificate, private key and CA Bundle. These three blocks of text are required to be copied and pasted into GoDaddy. It will take about 30 seconds for the certs to be generated.

Once certificate is generated

  • Go to CPanel >> Search for SSL and select SSL/TLS.
  • Now Select Manage SSL Certificates link
  • Copy and Paste your certificate in the field called Certificate (CRT) and click the AutoFill by Certificate button
  • Copy and Paste the sslforfree field called private key into the GoDaddy Private Key (KEY) Field
  • Finally click the button at the bottom Install Certificate
  • Congrats, your SSL Cert is installed.
Click SSL/TLS link
Click the AutoFill by Certificate



  1. Confirm the SOA DNS shows your text records
  2. Confirm replication is taking place throughout the world

Use the Tools to verify Replication

  1. web site
  2. web site
  3. command or terminal prompt with nslookup

Confirm SOA is Correct

SOA or Start of Authority is what I call the master DNS Record holder. This is the GoDaddy name server that holds your DNS Records (what you just changed) and those changes get replicated to hundreds of DNS servers in the world. One of which SslForFree will query to see if your TXT record exists during verification.

To Get your DNS GoDaddy DNS server name you can use Enter your domain name and click SOA Lookup. This will show you the DNS server that your master DNS Record is in. the SOA server name is the Mname.

Once you know the master SOA server name you can use a command prompt to see if the Master Server is the issue or replication of DNS is the issue.

Go to your terminal prompt or command prompt and enter nslookup -q=TXT and the mName from SOA lookup tool. Obviously replace with your actual domain name.

Example lookup

This will return either the text value of the TXT record you queried, or will return “server can’t find NXDOMAIN”. this means that your actual DNS Record may be entered incorrectly, or there is a problem with the GoDaddy DNS server, contact GoDaddy.

WARNING: GoDaddy will certainly help with the DNS, but no so much with you trying to use the ssl from SSLFor Free. The sell a product for ssl certificates, and that is what they will recommend. So keep the call about DNS only.

Once your SOA DNS server is returning both TXT records, try and refresh the sslForFree verify pages again. Could be the replication has made it to them, and you can move on to generating your cert. If not yet, check the replication of the master SOA DNS Records. Go to and select TXT for the type and enter your full TXT Record including the domain name. You should see a map with either Green checks or red x’s. If you are green, then at this point you should be able to generate your ssl certs, and copy paste the cert, private key and ca bundle to GoDaddy and install your cert.

If you are still having issues, you should probably buy the GoDaddy certificate.