Subscription overview

Subscriptions are available in single year terms with the option to extend it to a multi-year subscription up to a maximum of 3 years.

Only one active subscription can exist at a time per external account binding (EAB) credentials. Additionally, domains are available to any ACME account that share the same EAB credentials.

A certificate can only be issued within the subscription validity period. However, the certificate validity period will not be limited by the subscription expiry date.

We recommend extending the subscription before its expiry to ensure that when the ACME client requests a new certificate, it can be issued without interruption.

Starting and maintaining subscriptions

A subscription begins when you add your first domain to the ACME account (and so to all ACME accounts that share the same EAB details) and fees for your new subscription are immediately deducted from your Sectigo Reseller account. The subscription expiration date is set to 365 days from the next calendar day.

Adding additional domains to your subscription does not affect the term of your subscription. These new domains inherit the existing subscription’s expiration date and are subject to pro-rated charges based on the number of full days remaining before subscription expiration.

For more information, see Add a domain.

You may need to remove a domain from your subscription if it is no longer required or was added by mistake. The removal process affects the associated domain in your subscription that was added free of charge.

The REMOVEDOMAIN action removes a specified Fully Qualified Domain Name (FQDN) or wildcard domain from your subscription. You can remove a domain from your subscription at any time during the subscription validity period.

Removing a domain name within 30 days from adding it will result in an automatic full refund of the order under which it was added.

Once the domain is removed, certificates can no longer be requested for the domain through associated ACME accounts.

For more information, see Remove a domain.

Extending subscriptions

A subscription with at least one associated domain can be extended in increments of 365 days up to a maximum subscription term of 3 years. Extensions can be initiated any time within a period of 730 days prior to the subscription’s expiration date.

Extending a subscription used by ACME accounts that share particular EAB details adds an additional year (365 days) to the subscription period for all domains associated with the current subscription iteration. The cost for an annual subscription including each domain is immediately deducted from your Sectigo Reseller account.

When extending a subscription, any previously paid domain will continue to be charged, while any domain that was granted for free will continue to be free.

When an extension is completed, the subscription’s new expiry date will be calculated as follows:

New Subscription Expiry Date = Existing Subscription Expiry Date + 365 days

Before extending a subscription, any domain names that you do not want to renew should be removed.

Sample extension scenario

In the following scenario, prices are hypothetical and are used for illustrative purposes only:

  • You have two Fully-Qualified Domain Names (FQDNs) that are part of your active subscription.

  • ACME DV Domain is priced at $365 per year.

  • Subscription Expiry Timestamp is 28/08/2025 23:59:59 for both domains.

  • There are 5 days remaining until the subscription’s expiration.

After your subscription is extended:

  • The Subscription Expiry Timestamp is updated to 28/08/2026 23:59:59 for both domains.

  • Your account is charged $730 ($365 x 2 FQDNs).

  • There are 370 days remaining until the subscription’s expiration.

    Adding a new domain immediately after this will incur a pro-rated charge of $370 ($1 per day for 370 days) until the subscription’s expiration.

If a subscription expires before being extended, all domains from the expired subscription are also considered expired. These domains must be re-added to a new subscription in order for associated ACME clients to continue requesting certificates for them. If you start a new subscription without re-adding all expired domains, they will remain in your domains report but won’t be part of the subscription or incur charges.

Domain details

The domain name added must be one of the following:

  • Fully-Qualified Domain Name (FQDN) — A complete, unambiguous, non-wildcard domain name that specifies the exact location of network resources.

  • Wildcard Domain Name — A domain record specified by using a * as the leftmost label of a domain name, allowing it to cover any subdomain at a single level under the specified domain, but not extending to subdomains of the higher levels.

For more information on FQDNs and Wildcards, see RFC 9499 - DNS Terminology.

In some instances, domain names may be eligible to be added to the subscription free of charge if they are associated with another domain in the subscription that is paid for. However, these domains must still be explicitly added to the subscription. The addition of domains may be free of charge in the following scenarios:

  • If there’s a wildcard domain in the current active subscription, adding its FQDN equivalent (i.e., removing the *.) will be free of charge, but not vice versa.

    Adding the www subdomain or any other subdomain covered by an existing wildcard domain in the subscription (i.e., replacing *. in the wildcard domain with www. or another label) will incur normal charges.

  • If there’s an FQDN in the current active subscription that has been paid for, adding its single www subdomain will be free of charge, but not vice versa.

    This does not apply if a wildcard domain is already present in the subscription.
Examples:

  • If domain.brand.com is added, www.domain.brand.com can be added for free thereafter.

  • If *.domain.brand.com is added, then domain.brand.com can be added for free, but adding brand.com will incur a charge.

  • If *.domain.brand.com is added, adding www.domain.brand.com, or subdomain.domain.brand.com later will incur a charge.

  • If www.domain.brand.com is added first, domain.brand.com will incur a charge.

  • If domain.brand.com is added first, *.domain.brand.com will incur a charge.

If a domain is erroneously removed from a subscription, adding it back will incur charges unless another domain in the subscription, which was paid for, can overwrite this behavior according to the above rules. For instance, if it is a single www subdomain of a registrable domain name that is still active in the subscription.

If the same domain is added to multiple EABs, the ADDDOMAIN and EXTENDDOMAINS actions will be chargeable for each domain instance.

For more details on adding a domain or extending a subscription, see Add a domain or Extend a subscription.