SSL certificates encrypt the data between your web browser and the web server hosting the website, keeping sensitive data submissions like your billing details safe. If you see a lock icon beside the website name in your browser, the site has an SSL certificate installed on it and your information is secured.

• Creating a CSR for your certificate
• Purchasing your SSL certificate
• Viewing the status of your SSL certificate
• Resending the approval email
• Downloading the CA Bundle for your SSL Certificate
• Reissuing or renewing an SSL certificate
• Canceling an SSL certificate

Creating a CSR for your certificate

A Certificate Signing Request (CSR) is a unique code generated by a web server containing information about your website that will be used to produce the final certificate. Anytime a CSR is generated, a private key is saved on the same server. Below is an example of what a CSR and a private key may look like.

You will need to ask your web hosting provider to create a CSR to purchase your certificate. Depending on which certificate authority is used, there are different ways to generate the CSR on web servers.

• GeoTrust/RapidSSL
• Sectigo
• DigiCert

Back to top

Purchasing your SSL certificate

Once you have generated the CSR, you will need to submit it within your account.

1. Login to your account and navigate to Security, followed by SSL Certificates and Manage.
   
   
2. Click Add new to purchase a certificate and go through the checkout process.
3. Come back to the list of certificates in your account and select Not configured.
   
4. Paste the full CSR and update the contacts if necessary, followed by pressing Submit certificate.
   Important: Be sure to include the -----BEGIN CERTIFICATE REQUEST----- and -----END CERTIFICATE REQUEST----- in your CSR. If you receive any errors about your CSR, use a CSR checker to examine if you are submitting a valid CSR and fix any outstanding errors.
   
5. Select an approval email address and press Submit certificate. You will then shortly receive an email asking you to verify your domain. Only after this will you receive a second email with the certificate.
   Note: The approval email addresses are generated by the certificate authority and cannot be modified. If you cannot create any of the addresses, submit a support ticket and request to change the approval method to add a host record entry to your domain DNS settings.

Back to top 

Viewing the status of your SSL certificate

1. Navigate to Security, followed by SSL Certificates and Manage.
2. You can view the status of all your certificates or choose any domain name for more information.
   
3. Once you select an SSL certificate, you can view its details.
   

Back to top 

Resending the approval email

For Sectigo certificates, you will need to contact our support team to have the approval email resent.

For GeoTrust, RapidSSL and Digicert certificates, it can be resent directly from your account.

1. Navigate to Security, followed by SSL Certificates and Manage.
2. Choose the certificate you want the approval email to be resent for.
3. Select the Resend approval email link at the top of the page.
   Note: It can take up to one hour for this email to arrive.
   

Back to top 

Downloading the CA bundle for your SSL certificate

If your SSL certificate is returning as untrusted when visiting your website, you will need to install the missing intermediate Certificate Authority (CA) files. Without these files, your SSL certificate is missing important files that web browsers need to verify your site as secure.

Most SSL certificate purchases already include these files in the fulfillment email you received. However, you can also download the CA bundle directly from your corresponding certificate authority.

• ​GeoTrust
• Sectigo
  • A further breakdown for the intermediate certificates
• DigiCert
• RapidSSL

Customers can download Digicert and GeoTrust certificates from the guest portal as well.

Back to top  

Reissuing or renewing an SSL certificate

Digicert and GeoTrust certificates can be reissued through the guest portal without the need to contact support. To reissue a Sectigo certificate, submit a support ticket with the new CSR. Include the following in the request as well:

• SSL brand (Digicert, GeoTrust, Sectigo)
• Order ID number
• Reference ID number
• Common name/domain
• Approval email address

There is no auto-renew option available, you must purchase a new SSL certificate of the same type and configure it with identical information as the original.

* For DigiCert, GeoTrust, and RapidSSL certificates, the remaining days do not carry over to the new certificate. If the existing certificate was purchased on June 1, 2020, with an expiry of June 1, 2021, and the renewal certificate order is purchased on May 1, 2021, the new expiry will be 30 days after May 1, 2022, not June 1, 2022.

To renew the SSL, the following criteria must be satisfied: 

• The Certificate Name (CN) must match the previous certificate.
• The certificate type must be the same as the expiring certificate.
• The same Enom account must place the order for the renewing certificate.
• DigiCert allows renewals within 89 days of expiration.
• The renewal is not extending time from the current active certificate but adding 30 days to the new one. 
• There is no auto-renew option available, you must purchase a new SSL certificate of the same type and configure it with identical information as the original. This will not apply retroactively. 

Back to top 

Canceling an SSL certificate

If the certificate status is shown as issued and is a Sectigo certificate, contact our support team with your request to cancel and include the certificate Order ID number.

For Geotrust, RapidSSL, and DigiCert certificates that have not yet been issued, navigate to the certificate details page and press Cancel & modify settings. 

Digicert and GeoTrust certificates can also be revoked through the guest portal without the need to contact support.

Back to top