SSL Certificate FAQs

  1. What happens if the SSL Certificate expires?
  2. How is a certificate approved?
  3. What method is better to approve a certificate?
  4. If I decide to approve the certificate using email validation, how will that annual renewal be done?/OBM?
  5. Can we send the instructions for activating the certificate along with the instructions for getting live with a website at a time?

1. What happens if the SSL Certificate expires?


The website won't work until the SSL Certificate is approved again.


2. How is a certificate approved?


There are two ways to approve a certificate:

By email (The certificate requires annual renewals):

a) An email is sent to the following email addresses:

  • administrator@your_domain_name
  • hostmaster@your_domain_name
  • postmaster@your_domain_name
  • webmaster@your_domain_name
  • admin@your_domain_name

Also the Email will be sent to the following three registered contact addresses in WHOIS:

  • Domain registrant
  • Technical contact
  • Administrative contact

b) The client approves the request at any of those addresses. (Important to know that the request expires after 3 days)

c) We check that the certificate has been approved correctly and install it on the website

 

Via DNS (Renewals are completely automatic and contactless)

a) The customer simply has to create a CNAME record (which we provide) in their DNS settings.

b) Once that record is created in their DNS, we check that the certificate is approved and install it on the website.

 


3. What method is better to approve a certificate?


Both are valid methods, but approval through DNS has the advantage that the certificate does not expire, it is updated automatically without the need for intervention by the client or by us.

On the other hand, the validation by email, causes the certificate to expire in one year and requires the intervention of the client.

 


4. If I decide to approve the certificate using email validation, how will that annual renewal be done?/OBM?


Currently, Amazon automatically sends renewal requests for approved domains through email validation to the email addresses mentioned in point 2 above.

For this reason, the client must be pending each year of one of these accounts, to validate the certificate before the email expires. And once they have approved it, the certificate will be renewed.

 


5. Can we send the instructions for activating the certificate along with the instructions for getting live with a website at a time?


No, It have to be by separate, because to know where the DNS has to point (to go out alive) we need to have the certificate approved before