Sectigo.com
Shop Enterprise Partners Resources

Request new certificates

This guide is intended to introduce you to the process of requesting new SSL certificates to secure your domains.

Before proceeding, please ensure you have satisfied the following prerequisites:

  • You have created a Sectigo Authentication Service (SAS) profile

  • You have created, or have been invited to, an account in Sectigo Certificate Manager (SCM)

  • Your account has an active trial or subscription

  • You are, or are in immediate contact with, a network or domain administrator capable of completing domain control validation (DCV)

Step one: Add your domains

In SCM, you can request unlimited certificates for any domains added to your account.

To add domains to your account, do the following:

  1. Navigate to Manage  Domains.

  2. Click Add New.

  3. Enter your fully qualified domain name (FQDN) or wildcard domain.

    Each new FQDN or wildcard domain added to your account results in additional charges.

  4. (Optional) Enter a description that provides any contextual information required.

  5. Click Add Now or Purchase Now.

Step two: Validate your domains

Once a domain is added to your account, it must be verified that you are the owner, or an authorized representative, of that domain. This process is known as domain control validation (DCV).

To validate your domains, do the following:

  • Email

  • CNAME

  • HTTP / HTTPS

  1. Navigate to Manage  Domains.

  2. Select the domain to be validated, and click Manage.

  3. Click Start Validation.

  4. Select the Email validation type.

  5. Click Next.

  6. Select an appropriate email address.

  7. Click Submit.

  8. Once you receive the validation email, click the included validation link.

  1. Navigate to Manage  Domains.

  2. Select the domain to be validated, and click Manage.

  3. Click Start Validation.

  4. Select the CNAME validation type.

  5. Click Next.

  6. Add the Canonical Name (CNAME) record to your domain’s DNS settings.

    1. Sign into your domain registrar’s website or your DNS provider.

      Your domain registrar’s website is where you purchased your domain.

    2. Locate the option to add a new DNS record, and select CNAME as the record type.

    3. In the Host or Alias field, enter the CNAME Host / Label value provided.

    4. In the Target or Points to field, enter the CNAME Target / Destination value provided.

    5. Save the changes.

  7. Click Submit.

  1. Navigate to Manage  Domains.

  2. Select the domain to be validated, and click Manage.

  3. Click Start Validation.

  4. Select the HTTP or HTTPS validation type.

  5. Click Next.

  6. Upload the verification file to your web server.

    1. Download the provided verification file.

    2. Upload the verification file to your web server in the <public document root>/.well-known/pki-validation directory.

      The <public document root> folder is often named wwwRoot, html, www, or htdocs.

    3. Click the provided validation URL to confirm that the file is publicly accessible.

  7. Click Submit.

Step three: Add certificates

Once your domains have been validated, they can be issued SSL certificates. There are two primary methods for requesting certificates:

  • Manual — You manually provide a certificate signing request (CSR) and the request is processed by Sectigo. Once the certificate has been issued, it is available in SCM to be downloaded and installed on your web server. These certificates can be manually renewed through SCM.

  • Automated — Using a supported ACME client paired with an ACME account in SCM, you can automatically enroll for certificates for specified domains. Once issued by Sectigo, the certificate is automatically installed on your web server and can be automatically renewed when approaching expiration.

Add a manual certificate

To add a manual certificate, do the following:

  1. Navigate to the Certificates page.

  2. Click Add New.

  3. Select Manual Certificate, and click Continue.

  4. Enter your certificate details based on the information provided in the following table.

    Field Description

    Term Length

    The certificate’s validity period.

    Comments

    Additional information or context related to the certificate.

    Notifications

    The email addresses for all stakeholders who should receive email notifications about the certificate.

  5. Click Next.

  6. Upload or paste your CSR, and click Next.

  7. Enter the details of the domains included in the certificate based on the information provided in the following table.

    Field Description

    Common Name

    The primary domain name for which the certificate was issued.

    Alternative Names (SANs)

    Secondary domain names for which the certificate is valid.

    Domain Validation

    The validation status of each added domain.

  8. Complete domain validation for each domain that is not validated.

    1. Click Validate Domain.

    2. If prompted, review the purchase details, and click Purchase Now.

    3. Select your preferred validation method, and click Next.

    4. Follow the on screen instructions.

    5. Click Submit.

  9. Click Next.

  10. Review your certificate details, and accept the terms of service.

  11. Click Submit.

Your new certificate is now displayed on the Certificates page for management.

Add an automated certificate

These instructions assume that you do not have an existing ACME account and ACME client pairing.

To add an ACME automated certificate, do the following:

  1. Navigate to the Certificates page.

  2. Click Add New.

  3. Select Automated Certificate, and click Continue.

  4. Select your web server and ACME client pair.

  5. Click Continue.

  6. Select New Server.

    This requires the creation of a new ACME account for pairing with the new web server.

  7. Configure your ACME client.

    1. If you have not already done so, install your ACME client using the client’s official documentation.

    2. In a terminal, navigate to your client install location, and run the provided command to confirm installation.

  8. In SCM, click Next.

  9. Enter a name for your new ACME account, and click Next.

  10. Enter the domains to be included in your certificate.

    Each new fully qualified domain name (FQDN) or wildcard domain added to your account results in additional charges.

  11. Complete domain validation with one of the following methods.

    Method Steps

    Automated Validation (FQDN only)

    1. Select Automated Validation.

    2. Click Next.

    3. If prompted, review the purchase details, and click Purchase Now.

    Prevalidation via Sectigo Certificate Manager

    1. Select Prevalidation via Sectigo Certificate Manager.

    2. Complete domain validation for each domain that is not validated.

      1. Click Validate Domain.

      2. If prompted, review the purchase details, and click Purchase Now.

      3. Select your preferred validation method, and click Next.

      4. Follow the on screen instructions.

      5. Click Submit.

    3. Click Next.

  12. In a terminal, navigate to your client install location, and run the provided command to complete configuration.

  13. In SCM, click Validate.

Your new certificate is now displayed on the Certificates page for management.