Thank you for choosing Infomaniak to secure your sites with an SSL certificate EV or DV from Sectigo.

An SSL certificate secures all exchanges between your server and your visitors, displays a padlock and adds the https to your site.

Which SSL certificate to choose?

• What are the requirements for an EV SSL certificate?
• What are the differences between an EV and DV certificate?
• Can I order an SSL certificate from Infomaniak if my site is hosted elsewhere?
• What does the warranty of a Sectigo SSL certificate exactly cover?

What would you like to do?

• Fix any potential errors after activating an SSL certificate
• Install a free Let's Encrypt SSL certificate on a site
• Install a wildcard certificate
• Uninstall a Let's Encrypt certificate
• Update a Let's Encrypt certificate (e.g. after adding/removing aliases)
• Familiarize yourself with all the FAQs about SSL
• Contact Infomaniak support

This guide explains how to order, link or remove a dedicated IP from a website.

Manage dedicated IPs on a hosting plan

Order one or several first dedicated IP addresses

To do this:

1. Click here to access the management of your product on the Infomaniak Manager (need help?).
2. Click directly on the name assigned to the relevant product.
3. Click on Web in the left sidebar.
4. Click on Dedicated IPs in the left sidebar.
5. Click on the button to order one or more IP addresses:
   

Order one or several additional dedicated IP addresses

To do this:

1. Click here to access the management of your product on the Infomaniak Manager (need help?).
2. Click directly on the name assigned to the relevant product.
3. Click on Web in the left sidebar.
4. Click on Dedicated IPs in the left sidebar.
5. Click on Order :
   

Associate a dedicated IP address with a website on a hosting plan

Once the IP has been ordered and paid for, familiarize yourself with the prerequisites below, as switching to a dedicated IP address for a website may cause a temporary interruption, especially in the presence of a certificat SSL Let’s Encrypt. To limit the impact:

• Start by reducing the TTL of the DNS records A and AAAA (for @ and www) to 5 minutes.
• Wait for the previous TTL duration before making any changes.
• The change below should be made during a period of low traffic to limit the inconvenience caused by the inevitable interruption.
• At the end of the procedure, you will need to wait for the new TTL to propagate the new configuration and for the SSL certificate to be regenerated, then check the accessibility of the site in HTTPS to ensure that everything is working correctly.

To switch to a dedicated IP address:

1. Click here to access the management of your product on the Infomaniak Manager (need help?).
2. Click directly on the name assigned to the relevant product.
3. Click on Web in the left sidebar.
4. Click on Dedicated IPs in the left sidebar.
5. Click on the button to dedicate the IP to a site on your hosting:
   
6. Select the site to assign the new IP address to.
7. Check the box after reviewing the warnings.
8. Click on the Associate button:
   

Remove a dedicated IP address from a website

Once the IP is installed, to uninstall it:

1. Click here to access the management of your product on the Infomaniak Manager (need help?).
2. Click directly on the name assigned to the relevant product.
3. Click on Web in the left sidebar.
4. Click on Dedicated IPs in the left sidebar.
5. Click on the action menu ⋮ located to the right of the relevant item.
6. Choose Unbind:
   
7. Take note of the warnings and confirm the deletion to complete the IP uninstallation procedure.

This guide explains how to replace the main domain name associated with a Website hosted on Infomaniak in case you want to, for example, change the name of your activity or modify the spelling.

Preamble

• It is not possible to simply change the spelling of the domain name in question.
• You must own the new domain name and install it in place of the current one by performing a swap (read below).
• You can also rename your Web Hosting product in the Infomaniak Manager but changing the name of a hosting service has strictly no impact on the URLs of the sites.
• You need to act on the domain name and, if necessary, adapt the content of the site.

Change the website's domain name

Prerequisites

• Prepare the new domain name (if necessary you need to buy it).
• If the change you are looking for is more of a "subdomain" to "main domain" type (dev.domain.xyz → domain.xyz for example) then refer to this other guide.

To replace the domain name assigned to the site with another domain name:

1. Click here to access the management of your product on the Infomaniak Manager (need help?).
2. Click directly on the name assigned to the concerned product:
   
3. Then click on the chevron ‍ to expand the Domains section of this site:
   
4. Refer to this other guide to link the new domain name to your site (read the prerequisites carefully):
   • It is this new linked domain that will replace the current primary domain name after the inversion you will perform below.
5. Once the new domain name is linked to your site, click on the action menu ⋮ to the right of it.
6. Choose Set as primary domain:
   
7. If necessary, delete the old domain name and its variants that have become alias domains alias (and no longer primary domains).

If you are using a SSL certificate, you will need to update it to include the added aliases.

If you are using the dedicated IP option, you will need to uninstall and reinstall it after performing the swap.

Adapt the site content to the new name

In some cases, the web application used to develop the site needs to be adjusted to work with the new domain name. Click on the link corresponding to the development of your site to adapt the content:

• WordPress
• Joomla
• Prestashop
• application offered in WordPress & Apps

This guide details the validity rules for SSL EV and DV certificates (effective as of September 1, 2020).

Validity period of SSL certificates

Following a meeting of the CA/B Forum, which brings together major web players (Safari, Google Chrome, Mozilla Firefox, etc. - learn more), it was decided to set the maximum validity period of SSL certificates to 397 days. This change aims, among other things, to limit the risk of certificate hacking and to increase the level of security of certificates. It is not excluded that the maximum validity period of a certificate may be further reduced in the coming years. Some players like Apple, Google or even Sectigo are pushing in this direction.

Sectigo DV SSL Certificates

The SSL DV certificates from Sectigo with a duration of more than 1 year are automatically renewed by Infomaniak (certificate reissued during the month preceding its expiration date).

It is necessary to reinstall the certificate on your site if it is not managed by Infomaniak.

Sectigo EV SSL Certificates

The SSL EV certificates from Sectigo will need to be validated each year, regardless of the subscription duration chosen.

It is necessary to reinstall the certificate on your site if the latter is not managed by Infomaniak.

This guide helps you identify and correct errors encountered when trying to use your email software/client like Microsoft Outlook, Mozilla Thunderbird, Apple Mail, etc.

Be aware of this other guide if you are looking for information about type errors "mailer daemon" or "delivery failure"after sending an e-mail.

Always use...

• the only name of the server: mail.infomaniak.com (for reception servers) IMAP and forwarding SMTP)
• the good ones Incoming / Outgoing Port Numbers
• the Authentication in the settings when it is proposed, and provide the username (your full email address) and password in the boxes for mandatory authentication if necessary
• the good one e-mail address password who is in principle different the username used to connect to Infomaniak (click here to check that you use the correct password and if necessary, change the password of your email address)
• an existing email address that must have actually been established (or defined as alias)
• only one protocol at a time (never consult a mailbox with devices configured in POP3 for some and in IMAP for others because these two protocols work badly together)

Mandatoryly try to...

• compare recommended parameters for the software/mail client used, especially if you have just changed the Infomaniak-side password
• raise your e-mails using another network (Wifi, connection sharing from 4G/5G, or any other Internet connection)
• temporarily disable your security applications (antivirus, firewall, VPN...); if you can then normally pick up your emails, contact the editor of the security application(s) you are using
• type your password plain in a word processing; depending on the configuration of your keyboard key it A may return to the letter Z and the key Q may return to the letter A...
• restart and retrieve a send/receive: some applications require multiple validation of the window containing the configuration parameters or require them to be restarted to take into account their new parameters
• write a new message after changing your settings: a message in writing that would be saved in the folder Drafts risk of not taking into account possible configuration changes

Types of errors

• 0x800... - be aware of this other guide
• Certificate error (SSL or other): be aware of this other guide
• 550 5.7.1 relaying denied or Proper authentication required - be aware of this other guide
• 535 5.7.0 authentication failed - be aware of this other guide

but also:

• "573 Antispam: Authenticated connection not possible. Please use port 587 instead of port 25."
  or"An operation on the server timed out. The server may be down, overloaded, or there may be too much net traffic."
  or"the time limit is exceeded" with an error number that follows (421, or 573 e.g.).
  Most ISPs (Internet Service Providers) blocked the SMTP No.25 port many years ago. Therefore port 25 should never be specified as SMTP port So you can still send e-mails, use the recommended ports.

This guide explains how to uninstall an SSL Certificate regardless of its type, initially installed from the Infomaniak Manager. If your certificate is a paid type and you wish to cancel the current offer instead, refer to this other guide.

Remove an SSL Certificate

To uninstall an Infomaniak certificate:

1. Click here to access the management of your product on the Manager Infomaniak (need help?).
2. Click directly on the name assigned to the product in question:
   
3. Click on the action menu ⋮ located to the right of the relevant item.
4. Click on Uninstall:
   
5. Confirm the uninstallation of the certificate.

This guide explains how to install a free SSL certificate from Let's Encrypt on a website hosted by Infomaniak.

Preamble

• Once the certificate is installed, your website will be accessible in http and https …
  • If necessary automatically redirect all your visitors to the secure https site.
• If you want to include an alias domain recently added to your site that already had a certificate, you need to update it.
• For multiple subdomains, refer to this other guide.
• Let's Encrypt limits certificate installation to:
  • 100 subdomains
  • 20 certificates for 7 days per registered domain
  • 5 failed requests per account per host name per hour

Install a free SSL certificate on a site

Prerequisites

• For the installation to be possible, the DNS of the domain name must be correctly configured to point to the site in question.
• If a change has recently been made at this level, some operations may not be functional immediately.

To access the websites to install an SSL certificate:

1. Click here to access the management of your product on the Infomaniak Manager (need help?).
2. Click directly on the name assigned to the product in question:
   
3. Click on Configure under SSL Certificate:
   
4. Click the Install certificate button:
   
5. Choose the free certificate.
6. Click on the Next button:
   
7. Check or select the relevant domains.
8. Click on the button Install:
   
9. Wait until the certificate is obtained on the site.

Refer to this other guide if you encounter SSL errors.

This guide details the conditions and procedure to obtain a EV SSL certificate from Sectigo with Infomaniak.

Prerequisites

• Extended Validation (EV) SSL certificates can only be issued to organizations, companies, and societies legally registered with a recognized government authority (such as a commercial register).
  • The DV certificates from Sectigo and Let's Encrypt are not subject to this constraint.
  • Compare the available SSL certificates

EV certificate validation procedure

Obtaining an EV SSL certificate can take up to 24 hours and requires valid information from the client.

This procedure is repeated every 12 months, regardless of the subscription duration chosen for the EV certificate.

1. Verification of the company's details

The data that will be added to the certificate must first be verified with an independent source:

• the legal or commercial name
• the legal form
• the address
• the postal code
• the region / the canton / the department
• the country / the country code

Attention:

• The company name must exactly match the one registered with the registry or the chamber of commerce; the order can only be processed if the given name is registered and correctly noted.
• Only the registered legal name or the brand name followed by the legal name in parentheses is allowed [example: Commercial Name (Legal Name)]; for entities without a legal name, all commercial names can be used.
• It is forbidden to use a postal address.

Given the above, a new request with correct data in the CSR may sometimes be necessary, and Infomaniak may also need your approval to make changes to the information provided during the order.

2. Verification of data in the WHOIS directory

The WHOIS directory displays the information of the owner of a domain name. This data must match the information provided when ordering the EV SSL certificate.

To update the information for a domain in the WHOIS:

• If your domain is managed by Infomaniak, refer to this other guide.
• If your domain is not managed by Infomaniak, contact your host/registrar.

3. Contract & validation for the EV certificate

After ordering an EV certificate, the designated company contact person will receive an email from the certification authority Sectigo with the following documents:

• the certificate request form
• the certificate contract

These documents are pre-filled and the contact person must validate them online using an additional code. This will be provided by a telephone robot from Sectigo (the call number will come from the Netherlands, +31 88 775 77 77 in principle) orally to your number registered with the registry or the chamber of commerce.

Each certificate request is validated by phone, including renewals and reissues of multi-domain certificates.

4. Domain verification (for external sites only)

This step verifies that you control the domain (if it is external to Infomaniak) for which the certificate is requested. Domains of sites hosted at Infomaniak are automatically validated.

Each (sub-)domain must be approved individually via one of the methods described in this other guide.

This guide explains how…

1. … generate a CSR and private key to request a third-party certificate from a Certification Authority (CA),
2. … import this certificate for your Infomaniak site, using the CRT obtained from the CA.

Preamble

• Although Infomaniak offers all the SSL certificates you might need…
  • free Let's Encrypt certs for personal sites (only possible with sites hosted at Infomaniak),
  • DV certs from Sectigo for professional/private sites that are not registered in the trade register,
  • EV certs from Sectigo for companies registered in the trade register,
• It is also possible to install an SSL certificate obtained elsewhere (intermediate certificate from a certification authority of your choice), custom or self-signed certificates.

1. Generate a CSR (Certificate Signing Request)

A CSR (Certificate Signing Request or Certificate Signing Request) is an encoded file containing the information necessary to request an SSL/TLS certificate.

It must be generated on your side to ensure that the private key remains under your control, using for example OpenSSL.

Adapt and run the following command from a terminal application (command line interface, CLI) on your device:

openssl req -utf8 -nodes -sha256 -newkey rsa:2048 -keyout domain.xyz.key -out domain.xyz.csr -addext "subjectAltName = DNS:domain.xyz, DNS:www.domain.xyz"

Explanations

• newkey rsa:2048: Generates a new 2048-bit RSA key.
• keyout domain.xyz.key: Specifies the file where the private key will be saved.
• out domain.xyz.csr: Specifies the file where the CSR will be saved.
• addext “subjectAltName = ...”: Adds additional domains via the SAN (Subject Alternative Name) extension, necessary to include all desired domains in the certificate (the main domain domain.xyz + any other associated domain or subdomain, such as www.domain.xyz).

After generation, you can check the contents of the CSR with the following command:

openssl req -in domain.xyz.csr -noout -text

This allows you to verify that all domains listed in subjectAltName are correctly included.

Once the CSR is generated, you can send it to the certification authority (CA) to obtain your SSL/TLS certificate.

2. Import the external certificate

Once validated, the CA issues a certificate (domain.xyz.crt) and sometimes an intermediate certificate (ca_bundle.crt). To access SSL certificate management:

1. Click here to access the management of your product on the Infomaniak Manager (need help?).
2. Click directly on the name assigned to the relevant product.
3. Click on SSL Certificates in the left sidebar.
4. Click the blue Install a certificate button:
   
5. Choose the custom certificate.
6. Click on the Next button:
   
7. Import your certificate and private key, either by importing the .crt and .key files or by copy-pasting.
8. Click on Complete:
   

Alternative command to generate a self-signed certificate (optional)

If you want a local certificate for testing purposes only or without going through a CA (not recommended for production), you can use this command:

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout domain.xyz.key -out domain.xyz.crt -addext “subjectAltName = DNS:domain.xyz, DNS:www.domain.xyz”

This generates both a self-signed certificate (domain.xyz.crt) and a private key (domain.xyz.key). However, self-signed certificates are not recognized as valid by public browsers or systems. They are only suitable for internal or development environments.

Import an intermediate certificate

When adding a custom SSL certificate, it is possible to import the intermediate certificate (by importing the .crt file or pasting the data provided by the certification authority):

This guide explains how to add two different EV or DV SSL Certificates to the same site.

Preamble

• Since it is not possible to install two SSL certificates on the same site, it is necessary to create two identical sites.

Creation of the second site

Prerequisites

• Remove any potential domain name alias from your site.

To access web hosting to add a site:

1. Click here to access the management of your product on the Infomaniak Manager (need help?).
2. Click directly on the name assigned to the relevant product.
3. Click on the button Add a site:
   
4. Continue without installing any tool.
5. Choose between using a domain name or a subdomain.
6. Specify the domain or subdomain name.
7. Click on Advanced options.
8. Enable (or not) the Let's Encrypt SSL certificate on the future site.
9. Check the box Set location manually.
10. Choose the same location as the main site:
    
11. Choose the same version PHP as the main site:
12. Click on the blue Next button to start creating the site.

Install the SSL certificate

Once the second site is created (any addition/modification may take up to 48 hours to propagate), you will be able to install an SSL certificate (if you chose not to install the certificate at point 8 above).

To access website management:

1. Click here to access the management of your product on the Infomaniak Manager (need help?).
2. Click directly on the name assigned to the relevant product.
3. Click on SSL Certificates in the left sidebar.
4. Click on the blue button Install a SSL certificate and follow the procedure.