Last Revised On: 3/16/2018
Please read the following agreement carefully. By submitting an application to obtain a Let’s Encrypt SSL Certificate and accepting and using such certificate, you indicate the acceptance of the following terms and conditions and you agree to be bound by them.
This Let’s Encrypt SSL Web Server Certificate Subscriber Agreement (this “Agreement”) is made by and between Let’s Encrypt and you, a certificate applicant and governs your application for, issuance and use of a Let’s Encrypt SSL Web Server Certificate. By accepting this Agreement, you represent that you have express authority to apply for and accept the Agreement on behalf of either (i) the organization named on the enrollment form (“Subscriber”), or (ii) an internet service provider, hosting company, or Let’s Encrypt reseller (“Partner”) who has express authority from the organization to apply for and accept the Agreement on such organization’s behalf. To the extent that Partner performs any obligations on behalf of the organization, the term “Subscriber” shall also apply to Partner. Both the organization and the Partner agree to be bound by the terms of this Agreement.
Subscriber hereby represents that it is fully authorized to apply for a Let’s Encrypt SSL web server certificate for secure and authenticated electronic transactions. The Subscriber understands that a digital certificate serves to identify the Subscriber for the purposes of electronic commerce, and that the management of the private keys associated with such certificates is the responsibility of the Subscriber and/or its contractors.
NOW, THEREFORE, in consideration of the above premises and the mutual covenants set forth herein, and for other good and valuable mutual consideration, the receipt and sufficiency of which are hereby mutually acknowledged, Let’s Encrypt and Subscriber agree as follows:
1. Definitions. For the purposes of this Agreement, all capitalized terms used in this Agreement shall have the meaning ascribed to them in this Section 1 and elsewhere in this Agreement.
“Certificate” means a record that, at a minimum (a) identifies the Certification Authority issuing it, (b) names or otherwise identifies its Subscriber; (c) contains a Public Key that corresponds to a Private Key under the control of the Subscriber, (d) identifies its operational period, and (e) contains a Certificate serial number and is Digitally Signed by the issuing Certification Authority.
“Certification Authority” means an entity which issues Certificates and performs all of the functions associated with issuing such Certificates.
“CSR” or “Certificate Signing Request” means a text file submitted with your enrollment form which contains the organization name, domain name, division, country, state, city and your Public Key and is used by Let’s Encrypt to generate your Certificate.
“Digital Signature” means a transformation of a message using an asymmetric cryptosystem such that a person having the initial message and the signer’s Public Key can accurately determine whether the transformation was created using the Private Key that corresponds to the signer’s Public Key and whether the message has been altered since the transformation was made.
“Digitally Signed” means the application of a Digital Signature to electronic data.
“Key Pair” means two mathematically related keys, having the following properties: (a) one key can be used to encrypt a message that can only be decrypted using the other key, and (b) even knowing one key, it is computationally infeasible to discover the other key.
“Public Key” means the key of a Key Pair used to verify a Digital Signature. The Public Key is made freely available to anyone who will receive digitally signed messages from the holder of the Key Pair. The Public Key is usually provided via a Certificate issued by a Certification Authority. A Public Key is used to verify the digital signature of a message purportedly sent by the holder of the corresponding Private Key.
“Private Key” means the key of a Key Pair used to create a Digital Signature. This key must be kept private.
“Subscriber” means a person or entity who (a) is the subject named or identified in a Certificate issued to such person or entity, (b) holds a Private Key that corresponds to a Public Key listed in that Certificate, and (c) the person or entity to whom Digitally Signed messages verified by reference to such Certificate are to be attributed.
“Trustworthy System” means computer hardware, software, and procedures that (a) are reasonably secure from intrusion and misuse, (b) provide a reasonable level of availability, reliability, and correct operation, (c) are reasonably suited to performing their intended functions, and (d) adhere to generally accepted security procedures.
2. Subscriber Obligations. In addition to complying with the terms of the QuickSSL Certificate Practices Statement (“CPS”) which are incorporated by reference into this Agreement, Subscriber shall comply with each of the following obligations: (a) provide information on the Certificate application that is correct and accurate, (b) generate a Key Pair using a Trustworthy System; (c) use the Certificate exclusively for authorized and legal Public and Private Key operations consistent with this Agreement; (d) protect the confidentiality of the Private Key from unauthorized use, access or disclosure; (e) use the Certificate only in conjunction with properly licensed cryptographic software, (f) promptly request that Let’s Encrypt revoke the Certificate upon any change to the information on the Certificate or the Certificate application, including, but not limited to the change of the organization name or domain name registration of Subscriber, (g) promptly request that Let’s Encrypt revoke the Certificate upon any actual or suspected loss, disclosure, or other compromise of the Private Key, and (h) install the Certificate on no more than one server at a time. Any failure of Subscriber to comply with each of the obligations under this Section 2 shall be a material breach of the Agreement. Subscriber acknowledges the inherent possibility of the compromise of Subscriber’s and/or another Subscriber’s Private Key, which may or may not be detected, and the possible use of a stolen or compromised Private Key to forge Subscriber’s or another Subscriber’s Digital Signature.
3. Let’s Encrypt Services. Under this Agreement, Let’s Encrypt is a Certification Authority. Let’s Encrypt shall only issue a Certificate upon authenticating and validating the application and enrollment information of Subscriber according to the CPS as may be amended from time to time by Let’s Encrypt. The CPS is available for viewing at: http://www.Let’s Encrypt.com/resources. Let’s Encrypt, in its sole discretion, may refuse to issue a Certificate to any Subscriber. Let’s Encrypt shall, consistent with this Agreement and CPS, and to the extent necessary or applicable, (a) receive and process the Certificate application, (b) send an acknowledgment to Subscriber of either the approval or rejection of the Certificate application, (c) if the Certificate application is approved, issue a Certificate, (d) publish the Certificate, (e) process all requests for Certificate revocation upon the receipt of an authenticated request from Subscriber, and (f) perform its other duties under the CPS. Let’s Encrypt shall have the right to revoke a Certificate upon (a) any change to the information on the Certificate or the Certificate application, including, but not limited to the change of the organization name or domain name registration of Subscriber or (b) any actual or suspected loss, disclosure, or other compromise of Subscriber’s Private Key. Upon request, Let’s Encrypt shall use reasonable efforts to provide to all requesting parties, including entities or persons using or relying on a Certificate, information concerning the status of such Certificate.
4. Fees. Subscriber shall pay to Let’s Encrypt or Partner (as applicable) the fees associated with the issuance of the Certificate upon the application therefor.
5. Confidentiality. Let’s Encrypt and Subscriber agree that certain information contained in the enrollment form may be confidential and proprietary information of the disclosing party (collectively “Confidential Information”) and agree to use such Confidential Information only in connection with its obligations hereunder or as permitted in the CPS. These obligations shall continue indefinitely for so long as the Confidential Information is a trade secret under applicable law and shall continue for two (2) years following termination of this Agreement with respect to Confidential Information that does not rise to the level of a trade secret. Notwithstanding the above, Subscriber hereby acknowledges and agrees that Let’s Encrypt (a) may publish certain information provided by Subscriber in the CSR in order to establish or update a unique business identification number profile; (b) may publish or otherwise disclose the serial number and other information contained on the Certificate in connection with Let’s Encrypt’s dissemination of Certificate status information; and (c) may collect information regarding the use of Certificates and disclose such information in its aggregated form.
6. Term and Termination.
- 6.1 Term. The term of this Agreement shall begin on the date the Certificate application is submitted to Let’s Encrypt and shall terminate immediately upon the earlier of (a) the end of the Certificate’s stated validity period, (b) the revocation of the Certificate, (c) the rejection of the Certificate application, (d) thirty (30) days after receipt of notice by Subscriber from Let’s Encrypt regarding a breach by Subscriber of its obligations under this Agreement which remains uncured for such period of time, or (e) receipt of notice by Let’s Encrypt from Subscriber of its intent to terminate this Agreement.
- 6.2 Effect of Termination. Upon the termination of this Agreement for any reason, Let’s Encrypt shall revoke the Certificate. Upon the revocation of the Certificate for any reason, Subscriber shall have no right in and shall not use the Certificate in any manner. Notwithstanding the foregoing, any use of the Certificate prior to the revocation of the Certificate or termination of this Agreement shall not be affected thereby.
- 6.3 No Damages or Indemnification for Termination. Neither party shall be liable to the other party for any costs or damages of any kind, including direct, indirect, incidental special, multiple, punitive, exemplary or consequential damages, or for indemnification of the party, solely on account of the lawful termination of this Agreement, even if informed of the possibility of such damages.
7. Disclaimer of Warranties. Let’s Encrypt AND PARTNER EXPRESSLY DISCLAIM AND MAKE NO REPRESENTATION, WARRANTY OR COVENANT OF ANY KIND, WHETHER EXPRESS OR IMPLIED, EITHER IN FACT OR BY OPERATION OF LAW, WITH RESPECT TO THE SERVICES PROVIDED OR THE CERTIFICATE ISSUED HEREUNDER, INCLUDING WITHOUT LIMITATION, ALL WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE OR USE OF THE SERVICES OR CERTIFICATE, AND ALL WARRANTIES, REPRESENTATIONS, CONDITIONS, UNDERTAKINGS, TERMS AND OBLIGATIONS IMPLIED BY STATUTE OR COMMON LAW, TRADE USAGE, COURSE OF DEALING OR OTHERWISE ARE HEREBY EXCLUDED TO THE FULLEST EXTENT PERMITTED BY LAW. Let’s Encrypt AND PARTNER FURTHER DISCLAIM AND MAKE NO REPRESENTATION, WARRANTY OR COVENANT OF ANY KIND, WHETHER EXPRESS OR IMPLIED, EITHER IN FACT OR BY OPERATION OF LAW, TO SUBSCRIBER OR ANY THIRD PARTY THAT (A) ANY SUBSCRIBER TO WHICH IT HAS ISSUED A CERTIFICATE IS IN THE FACT THE PERSON, ENTITY OR ORGANIZATION IT CLAIMS TO BE IN THE INFORMATION SUPPLIED TO Let’s Encrypt OR PARTNER, (B) A SUBSCRIBER IS IN FACT THE PERSON, ENTITY OR ORGANIZATION LISTED IN A CERTIFICATE, OR (C) THAT THE INFORMATION CONTAINED IN THE CERTIFICATES OR IN ANY CERTIFICATE STATUS MECHANISM COMPILED, PUBLISHED OR OTHERWISE DISSEMINATED BY Let’s Encrypt, OR THE RESULTS OF ANY CRYPTOGRAPHIC METHOD IMPLEMENTED IN CONNECTION WITH THE CERTIFICATES IS ACCURATE, AUTHENTIC, COMPLETE OR RELIABLE.
8. Disclaimer of Damages and Limitations of Liability. In no event shall Let’s Encrypt or Partner be liable for any default or delay in the performance of its obligations hereunder to the extent and while such default or delay is caused, directly or indirectly, by electronic or communications failures fire, flood, earthquake, elements of nature or acts of God, acts of war, terrorism, riots, civil disorders, rebellions or revolutions in the United States, strikes, lockouts, or labor difficulties or any other similar cause beyond the reasonable control of Let’s Encrypt. IN NO EVENT SHALL THE CUMULATIVE LIABILITY OF Let’s Encrypt OR PARTNER TO SUBSCRIBER OR ANY THIRD PARTY FOR ALL CLAIMS RELATED TO THE USE OF OR RELIANCE ON A CERTIFICATE OR FOR THE SERVICES PROVIDED HEREUNDER INCLUDING WITHOUT LIMITATION ANY CAUSE OF ACTION SOUNDING IN CONTRACT, TORT OR STRICT LIABILITY EXCEED THE AMOUNTS PAID BY SUBSCRIBER TO Let’s Encrypt OR PARTNER UNDER THIS AGREEMENT. UNDER NO CIRCUMSTANCES SHALL Let’s Encrypt OR PARTNER BE LIABLE TO SUBSCRIBER OR ANY THIRD PARTY FOR ANY INDIRECT, CONSEQUENTIAL, INCIDENTAL, MULTIPLE, SPECIAL, PUNITIVE, OR EXEMPLARY DAMAGES, EVEN IF SUCH PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. BECAUSE SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR LIMITATION OF INCIDENTAL OR CONSEQUENTIAL DAMAGES, THE ABOVE EXCLUSIONS OF INCIDENTAL AND CONSEQUENTIAL DAMAGES MAY NOT APPLY TO SUBSCRIBER BUT SHALL BE GIVEN EFFECT TO THE FULL EXTENT PERMITTED BY LAW.
9. Indemnification. The Subscriber hereby agrees to indemnify and hold GeoTrust and Partner and their officers, directors, employees, agents, successors and assigns harmless from and against any and all claims, losses, damages, judgments, costs and expenses (including attorneys’ fees) arising out of or related to Subscriber’s use of the Certificate.
10. Notices. Any notices between the parties shall be in physical or electronic writing. The parties shall send all notices by e-mail or first class mail, postage prepaid. Notices shall be effective upon receipt. GeoTrust shall send notices to Subscriber at the e-mail and/or physical address provided in the Certificate application. Subscriber shall send notices in writing to the following address: GeoTrust QuickSSL Notices, 40 Washington Street, Suite 20, Wellesley Hills, MA 02481 USA.
11. No Other Rights. By virtue of this Agreement, Subscriber does not acquire any right, title or interest of any kind in or to any trademark, trade name, service mark, logo, patent, copyright, or other proprietary right of GeoTrust.
12. Miscellaneous. Any controversy or claim arising out of or relating to this Agreement or the breach thereof will be settled by arbitration in Boston, Massachusetts, before and in accordance with the Commercial Arbitration Rules of the American Arbitration Association. The award rendered in that arbitration will be binding on the parties hereto, and judgment upon the award can be entered by any court having jurisdiction thereof. This Agreement shall be governed and interpreted according to the internal laws of the Commonwealth of Massachusetts, excluding choice of law provisions. For all disputes arising out of or related to this Agreement not covered by the Arbitration provision above, the parties irrevocably consent to the exclusive jurisdiction of the state and federal courts located in Boston, Massachusetts, United States of America. No modification of this Agreement shall be binding unless it is in writing and is signed by an authorized representative of the party against whom enforcement is sought. Notwithstanding termination of this Agreement, the following paragraphs shall survive, along with all definitions required thereby: Paragraphs 1, 2, 3, 5, 6, 7, 8, 9, 10, 11, and 12. This Agreement shall not be assigned by Subscriber without prior written consent of GeoTrust, and any attempt to assign any rights, duties, or obligations, which arise under this Agreement without such consent will be void. If any provision of this Agreement (or any portion thereof) shall be held to be invalid, illegal, or unenforceable, the validity, legality, or enforceability of the remainder of this Agreement shall not in any way be affected or impaired thereby. GeoTrust is not an agent, fiduciary, trustee, or other representative of Subscriber and the relationship between GeoTrust and Subscriber is not that of an agent and a principal. Subscriber does not have any authority to bind GeoTrust by contract or otherwise, to any obligation. This Agreement constitutes the complete and exclusive statement of the agreement between the Subscriber and GeoTrust with respect to the application for, acceptance of, and use of a certificate and supersedes any proposal or prior agreement, oral or written, and any other communications relating to this Agreement.