Articles in this section

Advanced SSL setup and troubleshooting

Avatar
Maté K.
  • Updated
Follow

SSL certificates encrypt the data between your web browser and the web server hosting the website, keeping sensitive data submissions like your billing details safe. If you see a lock icon beside the website name in your browser, the site has an SSL certificate installed on it and your information is secured.

Creating a CSR for your certificate

A Certificate Signing Request (CSR) is a unique code generated by a web server containing information about your website that will be used to produce the final certificate. Anytime a CSR is generated, a private key is saved on the same server. Below is an example of what a CSR and a private key may look like.

Examples_of_CSR_and_Private_Key.jpg

You will need to ask your web hosting provider to create a CSR to purchase your certificate. Depending on which certificate authority is used, there are different ways to generate the CSR on web servers.

Back to top

Purchasing your SSL certificate

Once you have generated the CSR, you will need to submit it within your account.

  1. Login to your account and navigate to Security, followed by SSL Certificates and Manage.
    Manage_Certificate.jpg
  2. Click Add new to purchase a certificate and go through the checkout process.Add_New_Cert.jpg
  3. Come back to the list of certificates in your account and select Not configured.
    Click_Not_Configured.jpg
  4. Paste the full CSR and update the contacts if necessary, followed by pressing Submit certificate.
    Important: Be sure to include the -----BEGIN CERTIFICATE REQUEST----- and -----END CERTIFICATE REQUEST----- in your CSR. If you receive any errors about your CSR, use a CSR checker to examine if you are submitting a valid CSR and fix any outstanding errors.
    Submit_CSR.jpg
  5. Select an approval email address and press Submit certificate. You will then shortly receive an email asking you to verify your domain. Only after this will you receive a second email with the certificate.
    Note: The approval email addresses are generated by the certificate authority and cannot be modified. If you cannot create any of the addresses, submit a support ticket and request to change the approval method to add a host record entry to your domain DNS settings.Select_Approval_Email.jpg

Back to top 

Viewing the status of your SSL certificate

  1. Navigate to Security, followed by SSL Certificates and Manage.Manage_Certificate.jpg
  2. You can view the status of all your certificates or choose any domain name for more information.
    Certificate_Statuses.jpg
  3. Once you select an SSL certificate, you can view its details.
    Certificate_Details.png
Heading Description
Status The current state of the certificate. Hover your mouse over the i icon for more information.
Expiration The date the certificate is set to expire.
Order ID Transaction number used by Enom to track the order.
Reference ID A unique number used by the certificate authority to track the order.
Domain The common name for the certificate such as www.yourdomain.com.
Approval Email The address the validation email is sent to.
Web Server Information View the submitted CSR.
Contact Information View the submitted contact information.

Back to top 

Resending the approval email

For Sectigo certificates, customers can request DCV emails and change the DNS validation method using Sectigo's online tool or contact support.

For GeoTrust, RapidSSL and Digicert certificates, it can be resent directly from your account.

  1. Navigate to Security, followed by SSL Certificates and Manage.Manage_Certificate.jpg
  2. Choose the certificate you want the approval email to be resent for.Select_Your_Certificate.jpg
  3. Select the Resend approval email link at the top of the page.
    Note: It can take up to one hour for this email to arrive.
    Resend_Approval_Email.jpg

Back to top 

Downloading the CA bundle for your SSL certificate

If your SSL certificate is returning as untrusted when visiting your website, you will need to install the missing intermediate Certificate Authority (CA) files. Without these files, your SSL certificate is missing important files that web browsers need to verify your site as secure.

Most SSL certificate purchases already include these files in the fulfillment email you received. However, you can also download the CA bundle directly from your corresponding certificate authority.

Customers can download Digicert and GeoTrust certificates from the guest portal as well.

Back to top  

Reissuing or renewing an SSL certificate

Digicert and GeoTrust certificates can be reissued through the guest portal without the need to contact support. To reissue a Sectigo certificate, submit a support ticket with the new CSR. Include the following in the request as well:

  • SSL brand (Digicert, GeoTrust, Sectigo)
  • Order ID number
  • Reference ID number
  • Common name/domain
  • Approval email address

There is no auto-renew option available, you must purchase a new SSL certificate of the same type and configure it with identical information as the original.

Brand Renewal period Expiration after renewal
Digicert 89 days before expiration 12 months*
Geotrust 89 days before expiration 12 months*
RapidSSL 30 days before expiration 12 months*
Sectigo 60 days before expiration 12 months plus the remaining days left from the original Sectigo cert.

* For DigiCert, GeoTrust, and RapidSSL certificates, the remaining days do not carry over to the new certificate. If the existing certificate was purchased on June 1, 2020, with an expiry of June 1, 2021, and the renewal certificate order is purchased on May 1, 2021, the new expiry will be 30 days after May 1, 2022, not June 1, 2022.

To renew the SSL, the following criteria must be satisfied: 

  • The Certificate Name (CN) must match the previous certificate.
  • The certificate type must be the same as the expiring certificate.
  • The same Enom account must place the order for the renewing certificate.
  • DigiCert allows renewals within 89 days of expiration.
  • The renewal is not extending time from the current active certificate but adding 30 days to the new one. 
  • There is no auto-renew option available, you must purchase a new SSL certificate of the same type and configure it with identical information as the original. This will not apply retroactively. 

Back to top 

Canceling an SSL certificate

If the certificate status is shown as issued and is a Sectigo certificate, contact our support team with your request to cancel and include the certificate Order ID number.

For Geotrust, RapidSSL, and DigiCert certificates that have not yet been issued, navigate to the certificate details page and press Cancel & modify settings

Cancel_Certificate.jpg

Digicert and GeoTrust certificates can also be revoked through the guest portal without the need to contact support.

Back to top

Related articles

Comments

0 comments

Article is closed for comments.