Thank you for choosing Infomaniak for secure your sites with an SSL certificate EV or DV of Sectionigo.

An SSL certificate secures all exchanges between your server and your visitors, displays a lock and adds the https to your site.

Which SSL certificate to choose?

• What are the conditions for having an EV SSL certificate?
• What are the differences between an EV and DV certificate?
• Can I order an SSL certificate from Infomaniak if my site is hosted elsewhere?
• What exactly does the guarantee of a sectorigo SSL certificate cover?

What do you want to do?

• Correct any errors after having activated an SSL certificate
• Install a free SSL certificate from Let's Encrypt on a site
• Install a wildcard type certificate
• Uninstall a Let's Encrypt certificate
• Update a Let's Encrypt Certificate (e.g. after adding/deleting aliases)
• Be aware of all SSL FAQs
• Contact Infomaniak Support

This guide explains how to renew a wildcard certificate via DNS challenge using Certbot.

Preamble

• Make sure to protect the configuration files and scripts containing sensitive information such as API tokens.
• Test the manual and automatic renewal process to ensure everything works correctly before the expiration date of the existing certificate.

Generate the wildcard certificate

Prerequisites

1. Click here to access API management on the Manager Infomaniak (need help?).
2. Create an Infomaniak API token with the scope "domain".
3. Save this token for later use.

From a terminal application (command line interface, CLI) on your device, for example cmd on Windows or Terminal (installed by default on macOS), run the Certbot command with the following parameters:

certbot certonly --manual -d *.domain.tld --preferred-challenges dns-01 --server https://acme-v02.api.letsencrypt.org/directory

Create the TXT record

Create the TXT record for _acme_challengez.domain.tld manually from the Infomaniak interface.

Set up automatic renewal

Create the renewal configuration file

Create or edit the file /etc/letsencrypt/renewal/domain.tld.conf with the following information:

	[...]	
	[renewalparams]	
	account = xxxxx	
	pref_challs = dns-01,	
	server = https://acme-v02.api.letsencrypt.org/directory	
	authenticator = manual	
	manual_auth_hook = /root/infomaniak-auth.sh	
	key_type = rsa

Create the script infomaniak-auth.sh

Create the file /root/infomaniak-auth.sh with the following content:

	#!/bin/bash	
	INFOMANIAK_API_TOKEN=XXXXXXX	
	certbot certonly \	
	--authenticator dns-infomaniak \	
	--server https://acme-v02.api.letsencrypt.org/directory \	
	--agree-tos \	
	--rsa-key-size 4096 \	
	-d $CERTBOT_DOMAINdsqqds

Replace XXXXXXX with your Infomaniak API Token.

Automatic renewal

Schedule regular execution of certbot renew via a cron job to account for the configuration file and automatically renew your certificate at regular intervals.

0 0 */x * * /usr/bin/certbot renew --quiet --config /etc/letsencrypt/renewal/domain.tld.conf

Replace /x with the desired renewal frequency, for example every 30 days.

This guide details the conditions and procedure for obtaining a SSL EV certificate from Sectorigo with Infomaniak.

Prerequisites

• Extended validation SSL certificates (EVs) can only be granted to organisations, companies and companies legally registered with a recognized government authority (such as a business register).
  • The DV certificates of Sectionigo and Let's Encrypt are not subject to this constraint.
  • Compare SSL certificates available

Procedure for validation of EV certificates

Obtaining an EV SSL certificate can take up to 24 hours and requires valid information from the customer.

This procedure is Repeated every 12 months, regardless of the duration of the subscription chosen for the EV certificate.

1. Verification of the company's contact details

The data to be added to the certificate must first be verified from an independent source:

• legal or commercial name
• legal form
• the address
• the postal code
• the region / canton / department
• country/country code

Attention:

• The name of the company must correspond exactly to the one entered in the register or the Chamber of Commerce; the order can only be processed if the given name is registered and correctly marked.
• Only the registered legal name or the name of the mark followed by the legal name in parentheses is allowed [example: Commercial name (Legal name)]; for entities without legal name, all trade names may be used.
• It is prohibited to use a postal address.

In view of the above, a new request with correct data in the CSR is sometimes necessary, and Infomaniak may also need your approval to make changes to the information provided during the order.

2. Verification of data in the WHOIS directory

The WHOIS directory displays the information of the owner of a domain name. This data must correspond to the information provided when ordering the SSL EV certificate.

To update the information of a domain in WHOIS:

• If your domain is managed at Infomaniak, be aware of this other guide.
• If your domain is not managed by Infomaniak, contact your host/registrar.

3. Contract & validation for EV certificate

After ordering an EV certificate, the contact person of the company designated on the order will receive an e-mail from the certification authority Sectorigo with the following documents:

• the certificate application form
• the contract of the certificate

These documents are pre-filled and must be validated online by the contact person using an additional code. This will be provided by a sectionigo telephone robot (the telephone number will come from the Netherlands, +31 88 775 77 77 in principle) orally to your number registered with the register or the Chamber of Commerce.

Each certificate application is validated by telephone, including renewals and reissues of multi-domain certificates.

4. Domain verification (for external sites only)

This step checks that you have control of the domain (if it is external to Infomaniak) for which the certificate is requested. The domains of the sites hosted at Infomaniak are automatically validated.

Each (sub) domain must be individually approved using one of the methods described in this other guide.

This guide details the conditions and procedure for using a Sectigo Infomaniak certificate on a site hosted elsewhere, with a third-party host.

Preamble

• You have the possibility to benefit from the advantageous rates of Infomaniak for your SSL certificates while managing your sites with another host.

Install a Sectigo certificate

Due to the different service providers, the installation of your certificate will not be automatic:

1. Obtain the CSR

Export the CSR configuration file from your host and enter it when ordering your certificate at Infomaniak.

2. Confirm domain ownership

Validate the domains included in the certificate via one of the following methods:

• Enter a validation code received at one of the following email addresses (the complete email address must exist on the domain to be validated, for example “domain.xyz”):
  • admin@domain.xyz
  • administrator@domain.xyz
  • hostmaster@domain.xyz
  • postmaster@domain.xyz
  • webmaster@domain.xyz
• Creation of a unique CNAME record in the domain's DNS.
• Validation txt file to upload via FTP to your site.

This guide explains the main differences between an EV and DV certificate.

SSL EV Certificates: for companies

The Sectigo SSL EV certificate can only be issued to companies registered in an official registry.

It provides the highest level of trust with your clients and offers unique advantages in addition to including the benefits of a DV certificate:

• name of your company in the navigation bar
• lock in the navigation bar
• dynamic site seal
• domain name validation
• manual verification of your company's details and identity
• warranty up to $1,750,000 for end users
• 7/7 support

Activating an EV SSL certificate may take up to 24 hours and will require action on your part.

SSL DV Certificates: for companies and individuals

The Sectigo DV certificate is available to individuals and companies. It does not include some of the advantages mentioned above, but it offers additional benefits compared to free Let's Encrypt SSL certificates:

• dynamic site seal
• domain name validation
• guarantee up to $10,000 for end users
• support 24/7

The activation of a DV SSL certificate is immediate.

And what about Let's Encrypt certificates?

A free Let's Encrypt certificate guarantees the same level of encryption as an EV or DV certificate. However, Let's Encrypt certificates unfortunately do not offer the following benefits:

• manual validation of your company's credentials and authenticity (EV)
• warranty for end users in case of fraud (EV/DV)
• support in case of questions

In summary, Let's Encrypt certificates ensure the encryption of exchanges between your users and your site, but they do not guarantee to internet users that they are on a legitimate site whose identity has been authenticated by a certification authority.

This guide details the rules on the validity of SSL EV and DV certificates (entered into force on 1 September 2020).

Period of validity of SSL certificates

Following a meeting of the CA/B Forum that brings together the major players of the Web (Safari, Google Chrome, Mozilla Firefox, etc. - learn more), the decision was taken set the maximum period of validity of SSL certificates at 397 days The aim of this change is, in particular, to limit the risk of piracy of certificates and to increase the level of security of certificates. It is not excluded that the maximum period of validity of a certificate may be further shortened in the coming years. Some actors like Apple, Google or even Sectorigo are pushing in this direction.

SSL DV certificates from Sectorigo

SSL certificates DV of Sectorigo whose duration exceeds 1 year are automatically renewed by Infomaniak (certificate re-issued during the month preceding its expiry date).

It is necessary to reinstall the certificate on your site if it is not managed by Infomaniak.

SSL EV certificates from Sectorigo

SSL certificates EV sectorigo will have to be validated each year, regardless of the duration of the subscription chosen.

It is necessary to reinstall the certificate on your site if it is not managed by Infomaniak.

This guide explains how to generate a Certificate Request (CSR) for a domain name and all its subdomains with a Web hosting This allows you to encrypt the connection to your domain name and all its subdomains via SSL.

Set up Wildcard Certificate

1. Add an alias domain with asterisk *

To add a type alias * to your website:

1. Click here in order to access the management of your product on the Manager Infomaniak (Need help?).
2. Click directly on the nameallocated to the product concerned:
   
3. Then click on the chevron ‍ to develop the game Areas of this site.
4. Click on the button Add Domain:
   
5. Enter the domain name to add in this form:
   • *.domain.xyz (the asterisk is indispensable, followed by a point, then the domain name of the website which is in this example domain.xyz)
6. Click on the button Confirm to complete the procedure:
   

2. Install or update an SSL certificate

Example of updating the existing certificate to include the sub-domain * wildcard:

1. Click here in order to access the management of your product on the Manager Infomaniak (Need help?).
2. Click directly on the nameallocated to the product concerned.
3. Click SSL in the left side menu.
4. Click on the action menu ⋮ located on the right.
5. Click on Change Certificate:
   
6. Select the same certificate you already have.
7. Click on the button Next:
   
8. Make sure that the newly added subdomain is selected.
9. Click on the button Install At the bottom:
   
10. Wait for the time of creation or update.

The guarantee provided with an SSL EV or DV certificate protects your users against any unforeseen events related to a possible validation error on the part of Sectionigo, the certification body that issues SSL certificates and validates your personal data.

The guarantee is therefore payable if the certification authority does not properly validate the information contained in the digital certificate and this failure causes the end-user to lose money in a fraudulent credit card transaction.

This guide explains how to uninstall an SSL Certificate regardless of its type, initially installed from the Infomaniak Manager. If your certificate is a paid type and you wish to cancel the current offer instead, refer to this other guide.

Remove an SSL Certificate

To uninstall an Infomaniak certificate:

1. Click here to access the management of your product on the Manager Infomaniak (need help?).
2. Click directly on the name assigned to the product in question:
   
3. Click on the action menu ⋮ located to the right of the relevant item.
4. Click on Uninstall:
   
5. Confirm the uninstallation of the certificate.

This guide explains how to add a dynamic confidence seal to a secure site with a SSL certificate of Sectionigo.

Preamble

• Infomaniak, as host, offers SSL certificates to secure its customers' websites
• Sectorigo (formerly known as Comodo) is a recognized SSL certificate provider that offers different levels of security
• The "Dynamic Trust Seal", or "Sectigo Trust Seal" / "Sectigo Trust Logo" is a visual that website owners can display on their pages to tell visitors that their connection is secure, a sign of trust that informs users that transactions and exchanges of information on the site are encrypted and protected by an SSL certificate issued by Sectorigo.
• By using an SSL certificate from Sectorigo and by displaying the dynamic seal of trust, a website at Infomaniak therefore benefits not only from secure data exchange, but also from increased user confidence, which is essential in electronic commerce and for the protection of personal information.

Add a seal of trust

Here is how a dynamic seal of trust works:

1. Validation To obtain such a seal, the site owner must first obtain a valid SSL certificate from Sectionigo, which requires a validation process; depending on the level of certificate chosen (Domain Validation - DV, Organization Validation - OV or Extended Validation - EV), this validation may be more or less thorough
2. Installation : Once the SSL certificate has been obtained and installed on Infomaniak's web server, the website is then able to establish secure HTTPS connections
3. Seal display : Sectionigo provides an HTML code or script that the owner of the site can then integrate into its website; this code allows to display the dynamic confidence seal of Sectionigo
4. Update : the seal is often updated in real time to reflect the current status of the SSL certificate; if the certificate were to expire or be revoked, the seal would also reflect it, thus warning potential visitors that the site might no longer be secure
    

The trust seal consists of an HTML image and code. The latter only works if a Sectionigo certificate is installed on the site and in this case generates an interactive logo that displays the certificate data.

Save one of the images below

Right-click on the image to save and click on Save image as...

• Small
• Medium
• Large

Upload image to your site

Send the image to your web server (via FTP or CMS) and note the URL of access to this image for the next step (e.g. https://domain.xyz/wp-content/uploads/sectigo.png).

Get the code to include in your pages

Enter the full address of your image on the page https://www.trustlogo.com/install/index2.html to check if the image can be reached.

Click on the button Continue on the same page to get the 2 codes to copy-paste in the header of your web page(s):

Important:

• In the code, CL1 corresponds to an SSL certificate DV ; replace CL1 by SC5‍ for an SSL type certificate EV.