Thank you for choosing Infomaniak for secure your sites with an SSL certificate EV or DV of Sectionigo.

An SSL certificate secures all exchanges between your server and your visitors, displays a lock and adds the https to your site.

Which SSL certificate to choose?

• What are the conditions for having an EV SSL certificate?
• What are the differences between an EV and DV certificate?
• Can I order an SSL certificate from Infomaniak if my site is hosted elsewhere?
• What exactly does the guarantee of a sectorigo SSL certificate cover?

What do you want to do?

• Correct any errors after having activated an SSL certificate
• Install a free SSL certificate from Let's Encrypt on a site
• Install a wildcard type certificate
• Uninstall a Let's Encrypt certificate
• Update a Let's Encrypt Certificate (e.g. after adding/deleting aliases)
• Be aware of all SSL FAQs
• Contact Infomaniak Support

This guide explains how renew a wildcard certificate via DNS challenge using Certbot.

Create an API Token Infomaniak

To this end:

1. Click here to access API management on the Infomaniak Manager (Need help?).
2. Create an API token with the "domain" scope.
3. Note this token for further use.

Generate wildcard certificate

Run the Certbot command with the following settings:

certbot certonly --manual -d *.domain.tld --preferred-challenges dns-01 --server https://acme-v02.api.letsencrypt.org/directory

Create TXT record

Create the TXT record for _acme_challengez.domain.tld manually from the Infomaniak interface.

Configure autorenewal

Create the renewal configuration file

Create or edit the file /etc/letsencrypt/renewal/domain.tld.conf with the following information:

	[...]	
	[renewalparams]	
	account = xxxxx	
	pref_challs = dns-01,	
	server = https://acme-v02.api.letsencrypt.org/directory	
	authenticator = manual	
	manual_auth_hook = /root/infomaniak-auth.sh	
	key_type = rsa

Create script infomaniak-auth.sh

Create File /root/infomaniak-auth.sh with the following content:

	#!/bin/bash	
	INFOMANIAK_API_TOKEN=XXXXXXX	
	certbot certonly \	
	--authenticator dns-infomaniak \	
	--server https://acme-v02.api.letsencrypt.org/directory \	
	--agree-tos \	
	--rsa-key-size 4096 \	
	-d $CERTBOT_DOMAINdsqqds

Replace XXXXXXX by your Token Infomaniak API.

Automatic renewal

Plan for regular execution of certbot renew via a cron task to take into account the configuration file and automatically renew your certificate at regular intervals.

0 0 */x * * /usr/bin/certbot renew --quiet --config /etc/letsencrypt/renewal/domain.tld.conf

Replace /x by the desired frequency of renewal, e.g. every 30 days.

Important remarks

• Protect configuration files and scripts containing sensitive information such as token APIs.
• Test the manual and automatic renewal process to ensure that everything works properly before the expiry date of the existing certificate.

This guide details the conditions and procedure for obtaining a SSL EV certificate from Sectorigo with Infomaniak.

Prerequisites

• Extended validation SSL certificates (EVs) can only be granted to organisations, companies and companies legally registered with a recognized government authority (such as a business register).
  • The DV certificates of Sectionigo and Let's Encrypt are not subject to this constraint.
  • Compare SSL certificates available

Procedure for validation of EV certificates

Obtaining an EV SSL certificate can take up to 24 hours and requires valid information from the customer.

This procedure is Repeated every 12 months, regardless of the duration of the subscription chosen for the EV certificate.

1. Verification of the company's contact details

The data to be added to the certificate must first be verified from an independent source:

• legal or commercial name
• legal form
• the address
• the postal code
• the region / canton / department
• country/country code

Attention:

• The name of the company must correspond exactly to the one entered in the register or the Chamber of Commerce; the order can only be processed if the given name is registered and correctly marked.
• Only the registered legal name or the name of the mark followed by the legal name in parentheses is allowed [example: Commercial name (Legal name)]; for entities without legal name, all trade names may be used.
• It is prohibited to use a postal address.

In view of the above, a new request with correct data in the CSR is sometimes necessary, and Infomaniak may also need your approval to make changes to the information provided during the order.

2. Verification of data in the WHOIS directory

The WHOIS directory displays the information of the owner of a domain name. This data must correspond to the information provided when ordering the SSL EV certificate.

To update the information of a domain in WHOIS:

• If your domain is managed at Infomaniak, be aware of this other guide.
• If your domain is not managed by Infomaniak, contact your host/registrar.

3. Contract & validation for EV certificate

After ordering an EV certificate, the contact person of the company designated on the order will receive an e-mail from the certification authority Sectorigo with the following documents:

• the certificate application form
• the contract of the certificate

These documents are pre-filled and must be validated online by the contact person using an additional code. This will be provided by a sectionigo telephone robot (the telephone number will come from the Netherlands, +31 88 775 77 77 in principle) orally to your number registered with the register or the Chamber of Commerce.

Each certificate application is validated by telephone, including renewals and reissues of multi-domain certificates.

4. Domain verification (for external sites only)

This step checks that you have control of the domain (if it is external to Infomaniak) for which the certificate is requested. The domains of the sites hosted at Infomaniak are automatically validated.

Each (sub) domain must be individually approved using one of the methods described in this other guide.

This guide details the conditions and procedure for using a Sectigo Infomaniak certificate on a site hosted elsewhere, with a third-party host.

In fact, you have the possibility of benefiting from Infomaniak's advantageous rates for your SSL certificates while managing your sites with another host.

How to do ?

Due to different providers, the installation of your certificate will not be automatic.

1. Obtain the CSR

Export the CSR configuration file from your host and enter it when ordering your certificate from Infomaniak.

2. Confirm domain ownership

Validate the domains included in the certificate via one of the following methods:

• entering a validation code received at one of the following email addresses:
  • admin@domain-to-validate.tld
  • administrator@domain-to-validate.tld
  • hostmaster@domain-to-validate.tld
  • postmaster@domain-to-valider.tld
  • webmaster@domaine-à-valider.tld
• creating a unique CNAME record in domain DNS
• validation txt file to upload via FTP to your site

This guide details the validity rules of EV and DV SSL certificates (effective from September 1, 2020).

Validity Period of SSL Certificates

Following a meeting of the CA/B Forum, which brings together major players in the Web (Safari, Google Chrome, Mozilla Firefox, etc. - learn more), the decision was made to set the maximum validity period of SSL certificates to 397 days. This change aims to limit the risk of certificate hacking and increase the security level of certificates. It is not excluded that the maximum validity period of a certificate will be further shortened in the coming years. Some actors like Apple, Google, or even Sectigo are pushing in this direction.

Sectigo DV SSL Certificates

Sectigo DV SSL certificates with a duration of more than 1 year are automatically renewed by Infomaniak (certificate reissued during the month preceding its expiration date).

It is necessary to reinstall the certificate on your site if it is not managed by Infomaniak.

Sectigo EV SSL Certificates

Sectigo EV SSL certificates must be validated annually, regardless of the chosen subscription duration.

It is necessary to reinstall the certificate on your site if it is not managed by Infomaniak.

This guide explains the main differences between EV and DV certificates.

EV SSL certificates: for companies
 

The Sectigo EV SSL certificate can only be issued to companies registered on the commercial register or with the chamber of commerce. It ensures your clients the highest level of trust and offers unique advantages in addition to including the benefits of a DV certificate:

• Your company name in the navigation bar (find out more)
• Padlock in the navigation bar
• Dynamic secure site seal
• Validation of your domain name
• Manual authentication of the details and identity of your company
• Guarantee of up to $1750,000.00 for end users
• Support 7/7

Activation of an EV SSL certificate can take up to 24 hours and requires certain actions on your part.

DV SSL certificates: for companies and individuals

The Sectigo DV certificate is open to both individuals and companies. It does not include some of the advantages mentioned above, but it does offer extra benefits compared to free Let's Encrypt SSL certificates:

• Dynamic secure site seal
• Validation of your domain name
• Guarantee of up to $10000.00 for end users
• Support 7/7

DV SSL certificates are activated immediately.

And Let's Encrypt certificates?
 

A free Let's Encrypt certificate guarantees the same level of encryption as an EV or DV certificate. However, Let's Encrypt certificates do not offer the following benefits:

• Manual authentication of the details and authenticity of your company (EV)
• Guarantee for end users in the event of fraud (EV/DV)
• Support in the event of questions

In short, Let's Encrypt certificates ensure encryption of communications between your users and your site, but do offer cybernauts the guarantee that they are on a legitimate site the identity of which has been authenticated by a certification body.

The guarantee provided with an EV or DV SSL certificate protects your users against incidents linked to any validation errors by Sectigo, the certification body that delivers SSL certificates and validates your personal data.

The guarantee is therefore applicable if the certification body does not correctly validate the information contained in the digital certificate and if this failure leads to a financial loss for the end user in the context of a fraudulent credit card transaction.

This guide explains how to uninstall a SSL certificate Whatever its type, initially installed from the Manager Infomaniak.

Delete an SSL certificate

To uninstall a Infomaniak certificate:

1. Click here in order to access the management of your product on the Manager Infomaniak (Need help?).
2. Click directly on the nameallocated to the product concerned:
   
3. Click on the action menu 的located to the right of the element concerned.
4. Click on Uninstall:
   
5. Confirm the certificate's uninstallation.

This guide explains how to add a dynamic trust seal on a secured site with a Sectigo SSL certificate.

Preface

• Infomaniak, as a hosting provider, offers SSL certificates to secure its clients' websites
• Sectigo (formerly known as Comodo) is a recognized SSL certificate provider that offers different levels of security
• The "dynamic trust seal," or "Sectigo Trust Seal" / "Sectigo Trust Logo," is a visual that website owners can display on their pages to indicate to visitors that their connection is secure, a sign of trust that informs users that transactions and information exchanges made on the site are encrypted and protected by an SSL certificate issued by Sectigo
• By using a Sectigo SSL certificate and displaying the dynamic trust seal, a website at Infomaniak thus benefits not only from securing data exchanges but also from an increase in user trust, which is essential in e-commerce and for protecting personal information

Add a Trust Seal

Here’s how a dynamic trust seal works:

1. Validation: To obtain such a seal, the site owner must first obtain a valid SSL certificate from Sectigo, which requires a validation process; depending on the chosen certificate level (Domain Validation - DV, Organization Validation - OV, or Extended Validation - EV), this validation may be more or less thorough
2. Installation: Once the SSL certificate is obtained and installed on Infomaniak's web server, the website can then establish secure connections via HTTPS
3. Seal Display: Sectigo provides HTML code or a script that the site owner can then integrate into their website; this code allows the display of the Sectigo dynamic trust seal
4. Update: The seal is often updated in real-time to reflect the current status of the SSL certificate; if the certificate were to expire or be revoked, the seal would also reflect this, thus warning potential visitors that the site may no longer be secure
    

The trust seal consists of an image and HTML code. This code only works if a Sectigo certificate is installed on the site and generates an interactive logo that displays the certificate data.

Save one of the images below

Right-click on the image to save, then click Save image as...

• Small
• Medium
• Large

Upload the image to your site

Upload the image to your web server (via FTP or your CMS) and note the URL of this image for the next step (e.g., https://domain.xyz/wp-content/uploads/sectigo.png).

Get the code to integrate into your pages

Enter the full address of your image on the page https://www.trustlogo.com/install/index2.html to check if the image is reachable.

Click the Continue button on the same page to obtain the 2 codes to copy/paste into the header of your web page(s):

Important:

• ‍In the code, CL1 corresponds to an SSL certificate DV; replace CL1 with SC5‍ for an SSL certificate of type EV

This guide explains how export an SSL certificate from Manager Infomaniak.

Preamble

• Downloading the certificate produces a file in format .zip.
• Archive contains files .key and .crt.
• It is recommended to store this certificate and its private key in a secure place, as it could allow access to your encrypted data:
  

Export an SSL certificate

To access the management of your certificates:

1. Click here in order to access the management of your product on the Manager Infomaniak (Need help?).
2. Click directly on the nameallocated to the product concerned.
3. Click on the action menu ⋮ to the right of the object concerned in the array that appears.
4. Choose Export Certificate and follow the instructions to download the archive: