SSL Certificates

Wildcard SSL certificates secures your website URL and an unlimited number of its subdomains. For example, a single Wildcard certificate can secure www.coolexample.com, blog.coolexample.com, and store.coolexample.com.

Wildcard certificates secure the common name and all subdomains at the level you specify when you submit your request. Just add an asterisk (*) in the subdomain area to the left of the common name.

Examples

If you request your certificate for *.coolexample.com, you can secure:

• coolexample.com
• www.coolexample.com
• photos.coolexample.com
• blog.coolexample.com

If you request your certificate for *.coolexample.com, you can secure:

• www.coolexample.com
• mail.www.coolexample.com
• photos.www.coolexample.com
• blog.www.coolexample.com

Wildcard certificates secure websites just like regular SSL certificates, and requests are processed using the same validation methods. However, some Web servers might require a unique IP address for each subdomain on the Wildcard certificate.

Intermediate certificates are used as a stand-in for our root certificate. We use intermediate certificates as a proxy because we must keep our root certificate behind numerous layers of security, ensuring its keys are absolutely inaccessible.

However, because the root certificate itself signed the intermediate certificate, the intermediate certificate can be used to sign the SSLs our customers install and maintain the “Chain of Trust.”

Installing Intermediate Certificates

After your SSL certificate is issued, you will receive an email with a link to download your signed certificate and our intermediate certificates.

How you install the certificates depends on the server software you use. In most cases, you can download and install an intermediate certificate bundle. However, for some server types you must download and install the two intermediate certificates individually. Please refer to the Install SSL certificates for the specific process you should follow.

All of our intermediate certificates and certificate bundles are also available from the repository.

A Unified Communications Certificate (UCC) is an SSL certificate that protects multiple domains and subdomains. UCC certificates can be used on our hosting products to protect multiple websites, but the websites must all be on the same hosting account.

They’re ideal for Microsoft® Exchange Server 2013, Exchange Server 2016 and Microsoft Live® Communications Server.

While the site seal and certificate “Issued To” information will only list show the primary domain name, but all of your domains and subdomains will be listed on the same certificate. If you do not want your sites to appear connected to each other, you shouldn’t use this type of certificate.

Note: You cannot upgrade a UCC to include more names. If you are using all of the slots available in your current UCC certificate, and you need to cover another domain, you’ll need to purchase a new certificate to add another domain name.

An SSL certificate ensures safe, easy, and convenient Internet shopping. Once an Internet user enters a secure area — by entering credit card information, email address, or other personal data, for example — the shopping site’s SSL certificate enables the browser and Web server to build a secure, encrypted connection. The SSL “handshake” process, which establishes the secure session, takes place discreetly behind the scene without interrupting the consumer’s shopping experience. A “padlock” icon in the browser’s status bar and the “https://” prefix in the URL are the only visible indications of a secure session in progress.

By contrast, if a user attempts to submit personal information to an unsecured website (i.e., a site that is not protected with a valid SSL certificate), the browser’s built-in security mechanism triggers a warning to the user, reminding him/her that the site is not secure and that sensitive data might be intercepted by third parties. Faced with such a warning, most Internet users will likely look elsewhere to make a purchase.

When requesting an SSL certificate, we might require you verify that you control the domain for which you’re requesting the certificate. To do this, we provide you one of two options:

HTML page – Upload an HTML page with content we specify to a distinct directory of the website for the common name you’re using

DNS record – Create a TXT record we specify in your domain name’s zone (DNS) file

Which type of verification you can use depends on which type of certificate you’re requesting.

HTML Page

You will receive an email from us with a unique identifier, which will be in a line of the email: “Your unique ID for these methods is [uniqueID].”

• Use an app like Notepad or TextEdit to create a file named starfield.html.
• Copy your unique ID, and only your unique ID, into the file. For example, if your unique ID was 12345, the content of your new .html file would be: 12345
• Create a directory named “/.well-known/pki-validation/” in the highest-level directory of the website for the common name you’re using. Usually, this is the website’s root directory – for example, a directory named coolexample.com. For more info, see Find my website’s root directory in Web & Classic Hosting. Note: If you are running a Windows server, you will have to name the folder /.well-known./ instead of /.well-known/, or your server won’t let you create the folder.
• Place the new .html file in the pki-validation directory. For example, after you place the file at that location, the file’s URL would be http://coolexample.com/.well-known/pki-validation/starfield.html.
• Verify that you can access starfield.html in a web browser, and then use the instructions in the To Verify Your Domain Name Ownership section of this article.

Note: If the SSL certificate is for the root domain, the HTML file must be findable at http://coolexample.com/.well-known/pki-validation/starfield.html

DNS Record

After uploading the HTML page or creating the TXT record, you need to let us know so we can verify your domain name ownership.

To Verify Your Domain Name Ownership

• Log in to your account.
• Click SSL Certificates.
• Next to the certificate you want to use, click Manage.
• Click Check my update.

It can take 5-10 minutes for your verification to complete.

When your SSL certificate isn’t set to auto-renew, you have a 90-day window to purchase a renewal credit and apply it to the certificate. The window goes from 60 days before to 30 days after the expiration date.

ALERT: If you haven’t completed the renewal by the expiration date, your website displays an error message and won’t be accessible to your visitors.

If you’re using a Standard (DV) certificate with the primary domain for your account, and you’ve set the certificate to auto-renew, no further action is needed on your part. Renewing your SSL certificate is completely automated.

For all other certificates, including certificates for an add-on domain, follow these steps.

• Go to your product page.
• Select SSL Certificates and do one of the following for the certificate you want to renew:
  • If the billing for your renewal is already completed, skip to the next step.
  • If you don’t have auto-renew, select Renew if you don’t have auto renew. If you have auto-renew, select Renew now.
• Select the certificate you want to renew, select Continue to Cart, and complete the transaction for your renewal.

If this was your primary domain and your site is hosted with us, you’re done! We’ll install your renewed certificate for you. If your site is hosted with a third party or this is for an add-on domain, you need to install the renewed certificate.