Sectigo.com
Shop Enterprise Partners Resources

Request new certificates

This guide is intended to introduce you to the process of requesting new SSL certificates to secure your domains.

Before proceeding, please ensure you have satisfied the following prerequisites:

  • You have created a Sectigo Authentication Service (SAS) profile

  • You have created, or have been invited to, an account in Sectigo Certificate Manager (SCM)

  • Your account has an active trial or subscription

  • You are, or are in immediate contact with, a network or domain administrator capable of completing domain control validation (DCV)

Step one: Add your domains

In SCM, you can request unlimited certificates for any domains added to your account.

To add domains to your account, do the following:

  1. Navigate to Manage  Domains.

  2. Click Add New.

  3. Enter your fully qualified domain name (FQDN) or wildcard domain.

    Each new FQDN or wildcard domain added to your account results in additional charges.

  4. (Optional) Enter a description that provides any contextual information required.

  5. Click Add Now or Purchase Now.

Step two: Validate your domains

Once a domain is added to your account, it must be verified that you are the owner, or an authorized representative, of that domain. This process is known as domain control validation (DCV).

To validate your domains, do the following:

  • Email

  • CNAME

  • HTTP / HTTPS

  1. Navigate to Manage  Domains.

  2. Select the domain to be validated, and click Manage.

  3. In the Actions panel, click Start Validation.

  4. Select the Email validation type.

  5. Click Next.

  6. Select an appropriate email address.

  7. Click Submit.

  8. Once you receive the validation email, click the included validation link.

  1. Navigate to Manage  Domains.

  2. Select the domain to be validated, and click Manage.

  3. In the Actions panel, click Start Validation.

  4. Select the CNAME validation type.

  5. Click Next.

  6. Add the Canonical Name (CNAME) record to your domain’s DNS settings.

    1. Sign into your domain registrar’s website or your DNS provider.

      Your domain registrar’s website is where you purchased your domain.

    2. Locate the option to add a new DNS record, and select CNAME as the record type.

    3. In the Host or Alias field, enter the CNAME Host / Label value provided.

    4. In the Target or Points to field, enter the CNAME Target / Destination value provided.

    5. Save the changes.

  7. Click Submit.

  1. Navigate to Manage  Domains.

  2. Select the domain to be validated, and click Manage.

  3. In the Actions panel, click Start Validation.

  4. Select the HTTP or HTTPS validation type.

  5. Click Next.

  6. Upload the verification file to your web server.

    1. Download the provided verification file.

    2. Upload the verification file to your web server in the <public document root>/.well-known/pki-validation directory.

      The <public document root> folder is often named wwwRoot, html, www, or htdocs.

    3. Click the provided validation URL to confirm that the file is publicly accessible.

  7. Click Submit.

Step three: Add certificates

Once your domains have been validated, they can be issued SSL certificates. There are two primary methods for requesting certificates:

  • Manual — You manually provide a certificate signing request (CSR) and the request is processed by Sectigo. Once the certificate has been issued, it is available in SCM to be downloaded and installed on your web server. These certificates can be manually renewed through SCM.

  • Automated — Using a supported ACME client paired with an ACME account in SCM, you can automatically enroll for certificates for specified domains. Once issued by Sectigo, the certificate is automatically installed on your web server and can be automatically renewed when approaching expiration.

Add a manual certificate

To add a manual certificate, do the following:

  1. Navigate to the Certificates page, and click Add New.

  2. Select Manual Certificate, and click Continue.

  3. Enter your certificate details based on the information provided in the following table.

    Field Description

    Certificate Profile

    The certificate profile determining the type of certificate and applicable restrictions (such as allowed terms and key types).

    Term Length

    The certificate’s validity period.

    Comments

    Additional information or context related to the certificate.

    Notifications

    The email addresses for all stakeholders who should receive email notifications about the certificate.

  4. Click Next.

  5. Upload or paste your CSR, and click Next.

  6. Review and update the domains included in the certificate based on the information provided in the following table.

    Field Description

    Common Name

    The primary domain name for which the certificate is to be issued.

    Subject Alternative Names (SANs)

    Secondary domain names for which the certificate is valid.
    Each new fully qualified domain name (FQDN) or wildcard domain added to your account results in additional charges.

  7. Once you have entered all domains, click Add Domains.

  8. In the Add New Domain dialog, review your purchase details, and click Purchase Now.

  9. Complete domain validation for each domain that is not validated.

    1. Click Validate Domain.

    2. Select your preferred validation method, and click Next.

    3. Follow the on screen instructions.

    4. Click Submit.

  10. Click Next.

  11. Review your certificate details, and accept the terms of service.

  12. Click Submit.

Your new certificate is now displayed on the Certificates page for management.

Add an automated certificate

To add an ACME automated certificate, do the following:

  1. Navigate to the Certificates page, and click Add New.

  2. Select Automated Certificate, and click Continue.

  3. Select your web server and ACME client.

  4. Click Continue.

  5. Select an ACME server.

  6. Configure your ACME client and account.

    Option Steps

    Existing server
    This requires an active ACME account in SCM that is connected to your ACME client.

    1. Select Existing Server.

    2. In a terminal, navigate to your ACME client install location, and run the provided command to confirm installation.

    3. In SCM, click Next.

    4. Select your ACME account.

    5. Click Next.

    New server

    1. Select New Server.

    2. Configure your ACME client.

      1. If you have not already done so, install your ACME client using the client’s official documentation.

      2. In a terminal, navigate to your client install location, and run the provided command to confirm installation.

    3. In SCM, click Next.

    4. Enter a name for your new ACME account.

    5. Click Next.

  7. Enter the domains to be included in your certificate.

    Each new fully qualified domain name (FQDN) or wildcard domain added to your account results in additional charges.

  8. Once you have entered all domains, click Add Domains.

  9. In the Add New Domain dialog, review your purchase details, and click Purchase Now.

  10. Complete domain validation with one of the following methods.

    Method Steps

    Automated Validation (FQDN only)

    1. Select Automated Validation.

    2. Click Next.

    Prevalidation via Sectigo Certificate Manager

    1. Select Prevalidation via Sectigo Certificate Manager.

    2. Complete domain validation for each domain that is not validated.

      1. Click Validate Domain.

      2. Select your preferred validation method, and click Next.

      3. Follow the on screen instructions.

      4. Click Submit.

    3. Click Next.

  11. In a terminal, navigate to your client install location, and run the provided command to complete configuration.

  12. In SCM, click Validate.

Your new certificate is now displayed on the Certificates page for management.