Knowledge base

Thank you for choosing Infomaniak to secure your sites with an EV or DV Sectigo SSL certificate (formerly Comodo).

An SSL certificate secures all exchanges between your server and your visitors, displays a padlock, and adds https to your site. 

If you have a company registered in the registry or the Chamber of Commerce, you have the option to display your brand or organization name in the browser's address bar with an EV SSL certificate.
 

Which SSL certificate to choose?
 

• What are the conditions for getting an EV SSL certificate?
• What are the differences between an EV and DV certificate?
• Can I order an SSL certificate from Infomaniak if my site is hosted elsewhere?
• What does the Sectigo SSL certificate warranty cover exactly?

What would you like to do?

• Fix errors after activating an SSL certificate
   
• Install a free Let's Encrypt SSL certificate on a site
   
• Uninstall a Let's Encrypt certificate
• Update a Let's Encrypt certificate (e.g., after adding/removing aliases)
• Generate a CSR certificate for all subdomains of a domain (wildcard)

I couldn't find the answer to my question

We're here for you 7/7. Feel free to contact us by email, chat, or phone.
 

This guide details the validity rules of EV and DV SSL certificates (effective from September 1, 2020).

Validity Period of SSL Certificates

Following a meeting of the CA/B Forum, which brings together major players in the Web (Safari, Google Chrome, Mozilla Firefox, etc. - learn more), the decision was made to set the maximum validity period of SSL certificates to 397 days. This change aims to limit the risk of certificate hacking and increase the security level of certificates. It is not excluded that the maximum validity period of a certificate will be further shortened in the coming years. Some actors like Apple, Google, or even Sectigo are pushing in this direction.

Sectigo DV SSL Certificates

Sectigo DV SSL certificates with a duration of more than 1 year are automatically renewed by Infomaniak (certificate reissued during the month preceding its expiration date).

It is necessary to reinstall the certificate on your site if it is not managed by Infomaniak.

Sectigo EV SSL Certificates

Sectigo EV SSL certificates must be validated annually, regardless of the chosen subscription duration.

It is necessary to reinstall the certificate on your site if it is not managed by Infomaniak.

This guide explains how to uninstall an SSL Certificate of any type, originally installed from the Infomaniak Manager.

Remove an SSL Certificate

To uninstall an Infomaniak certificate:

1. Log in to the Infomaniak Manager (manager.infomaniak.com) from a web browser like Brave or Firefox
2. Navigate through the left sidebar menu
3. Choose SSL Certificates (universe Web & Domain)
4. Click on the name of the relevant item in the displayed table
5. Click on the Manage button
6. Click on Uninstall
   
7. Confirm the uninstallation of the certificate

This guide explains how to export an SSL certificate to have it in the form of a .zip archive containing the .key and .crt files.

We recommend storing this certificate and its private key in a secure location, as the latter could allow access to your encrypted data.

Export an SSL Certificate 

To access the certificate management:

1. Log in to Infomaniak Manager (manager.infomaniak.com) from a web browser like Brave or Edge
2. Navigate through the left sidebar menu
3. Choose SSL Certificates (universe Web & Domain)
4. Click on the name of the relevant object in the displayed table
5. Click on the action menu ⋮ to the right of the relevant object in the displayed table
6. Click on Manage
7. Choose Export the certificate and follow the instructions
   

This guide explains how to replace the main domain name associated with a Website hosted on Infomaniak if you want to, for example, change your business name or correct the spelling.

Introduction

• It is not possible to simply change the spelling of the domain name concerned.
• You need to have the new domain name and install it in place of the current one by performing a swap (see below).
• You can also rename your Web Hosting product in the Infomaniak Manager, but changing the name of a hosting product has no impact on the site URLs.
• You need to act on the domain name and, if necessary, adjust the site content.

Change the Website's Domain Name

To replace the domain name assigned to the site with another domain name:

1. Prepare the new domain name (if necessary, you need to purchase it)
   1. If the change you are seeking is more of a "subdomain" to "main domain" (e.g., dev.domain.xyz → domain.xyz), then read this guide
2. Log in to the Infomaniak Manager (manager.infomaniak.com) using a web browser like Brave or Firefox.
3. Click on the ‍ icon at the top right of the interface (or navigate using the left sidebar menu, for example).
4. Select Hosting (in the Web & Domain section).
5. Click directly on the name of the relevant item in the displayed table
   
6. Click on the relevant site (in the Sites section)
   
7. Read the guide to add the new domain as an alias to your site (be sure to read the prerequisites)
   

It is this alias that will replace the current main domain name after the swap you will perform. So once the alias domain is added to your site, still in the same place in the Manager (in the Sites section):

1. Click on the action menu ⋮ to the right of the alias intended to become the main domain (in the Domains section).
2. Select Set as main domain
   
3. If necessary, remove the old domain name and its variants that have become alias domains.

If you are using a SSL certificate, you will need to update it to include the added aliases.

If you are using the dedicated IP option, you need to uninstall and reinstall it after the swap you will perform.

Adapt the Site Content to the New Name

In some cases, the web application used for the site development may require some adjustments to work with the new domain name. Click on the link corresponding to the development of your site to adapt the content:

• WordPress
• Joomla
• Prestashop
• application provided in WordPress & Apps

This guide helps you identify and correct errors encountered when trying to use your email software like Microsoft Outlook, Mozilla Thunderbird, Apple Mail, etc.
 

Always use...
 

• the unique server name: mail.infomaniak.com (for IMAP receiving servers and SMTP sending servers)
• the correct incoming/outgoing port numbers
• authentication in the settings when prompted, and enter the username (your full email address) and password in the fields for mandatory authentication if necessary
• the correct email address password, which is usually different from the username used to log in to Infomaniak (click here to check if you are using the correct password and, if necessary, change your email address password)
• an existing email address that must have been actually created (or defined as an alias)
• only one protocol at a time (never check an email with devices configured in POP3 for some and IMAP for others as these two protocols do not work well together)

Always try to...
 

• compare recommended settings for the software used, especially if you have just changed the password on the Infomaniak side
• retrieve your emails using a different network (WiFi, tethering from 4G/5G, or any other internet connection)
• temporarily disable your security software (antivirus, firewall, VPN...); if you can then retrieve emails normally, contact the publisher of the security software you are using
• type your password in plain text in a text editor; depending on your keyboard configuration, the A key may refer to the letter Z and the Q key may refer to the letter A...
• restart and try again to send/receive: some applications require validating the configuration settings window several times or require them to be restarted to take into account their new settings
• compose a new message after modifying your settings: a message being drafted that would be saved in the Drafts folder may not take into account any configuration changes

Types of errors

• 0x800... - read this guide
• certificate error (SSL or other) - read this guide
• 550 5.7.1 relaying denied or Proper authentication required - read this guide
• 535 5.7.0 authentication failed - read this guide

but also:

• "573 Antispam: Connexion authentifiee pas possible. Veuillez utiliser le port 587 a la place du port 25."
  or "An operation on the server timed out. The server may be down, overloaded, or there may be too much net traffic."
  or "le délai imparti est dépassé" with an error number following it (421, or 573 for example).
  Most ISPs (Internet Service Providers) blocked SMTP port 25 many years ago. Therefore, you should never specify port 25 as the SMTP port. To be able to send emails nevertheless, use the recommended ports.

This guide explains how to obtain a personalized SSL certificate that you can use with Jelastic Cloud at Infomaniak.

Documentation for SSL

• It is quite possible to buy an SSL certificate from Infomaniak in order to install it on Jelastic Cloud afterwards
• Integrated into Jelastic Cloud, you will also find a certificate valid only for xxx.jcloud.ik-server.com domains
• Let's Encrypt certificates can also be obtained for free and for any domain
• It is possible to obtain a paying certificate , for any domain
• For the purpose of testing, you can also set up a self-signed certificate

This guide explains how to install a free SSL certificate from Let's Encrypt on a website hosted by Infomaniak.

Installing a Free SSL Certificate on a Website

To access Web Hosting and install an SSL certificate:

1. Log in to the Infomaniak Manager (manager.infomaniak.com) from a web browser like Brave or Firefox
2. Click on the ‍ icon at the top right of the interface (or navigate using the left sidebar menu, for example)
3. Choose Website (under Web & Domain)
4. Click on the name of the relevant object in the displayed table
5. Click on SSL Certificates in the left sidebar menu
6. Click the blue Install an SSL certificate button
   
7. Choose the site where the certificate should be installed
8. Select Free SSL Certificates and click Save
9. You will receive a confirmation email when the SSL certificate is installed

Once the certificate is installed, your website will be accessible via both http and https. If necessary, redirect all your visitors automatically to the secure https site.
 

If you want to include a recently added alias domain to your site that already had a certificate, you need to update it.
 

For multiple subdomains, refer to this guide (click here).

Limitations

Let's Encrypt limits certificate installations to:

• 100 subdomains
• 20 certificates per registered domain in 7 days
• 5 failed requests per account per hostname per hour

If You Encounter an Issue

If you encounter any issues, please read this guide (click here).

This guide details the conditions and procedure to obtain an EV SSL certificate from Sectigo.

Extended Validation (EV) SSL certificates can only be granted to organizations, companies, and businesses registered with the registry or chamber of commerce. DV certificates from Sectigo and Let's Encrypt are not subject to this constraint.

Compare available SSL certificates

Procedure for validating EV certificates

Obtaining an EV SSL certificate may take up to 24 hours and requires valid information from the client.

This procedure is repeated every 12 months, regardless of the chosen subscription duration for the EV certificate.

1. Verification of company details

The data to be added to the certificate must first be verified from an independent source:

• the legal or trading name
• the legal form
• the address
• the postal code
• the region / canton / department
• the country / country code

Attention:

• the company name must match exactly the one registered with the registry or chamber of commerce; the order can only be processed if the given name is registered and correctly noted
• only the registered legal name or the trading name followed by the legal name in parentheses is allowed [example: Trading name (Legal name)]; for entities without a legal name, all trading names can be used
• using a postal address is prohibited

In light of the above, a new request with correct data in the CSR may sometimes be necessary, and Infomaniak may also require your approval to make changes to the information provided during the order.

2. Verification of data in the Whois directory

The Whois directory displays information about the owner of a domain name. This data must match the information provided when ordering the EV SSL certificate.

To update a domain's information in Whois:

• if your domain is managed by Infomaniak, follow this guide (click here)
• if your domain is not managed by Infomaniak, contact your hosting provider/registrar

3. Contract & validation for the EV certificate

After ordering an EV certificate, the designated company contact person will receive an email from the Sectigo certification authority with the following documents:

• the certificate request form
• the certificate contract

These documents are pre-filled, and the contact person must validate them online using an additional code. This will be provided by an automated Sectigo phone robot (the call number will come from the Netherlands, +31 88 775 77 77 in principle) orally to your registered number with the registry or chamber of commerce.

Each certificate request is validated by phone, including renewals and reissues of multi-domain certificates.

4. Domain verification (only for external sites)

This step verifies that you have control of the domain (if it is external to Infomaniak) for which the certificate is requested. Domains of sites hosted at Infomaniak are automatically validated.

Each (sub-) domain must be individually approved via one of the methods described in this guide (click here).

This guide explains how to…

1. … generate a CSR and private key to request a third-party certificate from a Certificate Authority (CA)
2. … import that certificate for your Infomaniak website, using the CRT obtained from the CA

Prerequisites

• While Infomaniak offers all the SSL certificates you might need…
  • Free Let's Encrypt certificates for personal websites (only available for websites hosted on Infomaniak)
  • DV certificates from Sectigo for professional/personal websites not registered in the commercial register
  • EV certificates from Sectigo for businesses listed in the commercial register
• … it is also possible to install an SSL certificate obtained elsewhere (intermediate certificate from a certification body of your choice), custom certificates, or self-signed certificates.

1. Generate a CSR (Certificate Signing Request)

A CSR (Certificate Signing Request) is an encoded file containing the information required to request an SSL/TLS certificate. It must be generated on your end to ensure that the private key remains under your control, for example, by using OpenSSL.

Adapt and run this command in a terminal:

openssl req -utf8 -nodes -sha256 -newkey rsa:2048 -keyout domain.xyz.key -out domain.xyz.csr -addext "subjectAltName = DNS:domain.xyz, DNS:www.domain.xyz"

Explanation

• newkey rsa:2048: Generates a new RSA key of 2048 bits.
• keyout domain.xyz.key: Specifies the file where the private key will be saved.
• out domain.xyz.csr: Specifies the file where the CSR will be saved.
• addext “subjectAltName = ...”: Adds additional domains through the SAN (Subject Alternative Name) extension, necessary to include all desired domains in the certificate (the primary domain domain.xyz + any related domain or subdomain such as www.domain.xyz).

After generation, you can verify the contents of the CSR with the following command:

openssl req -in domain.xyz.csr -noout -text

This allows you to verify that all the domains listed in subjectAltName are correctly included.

Once the CSR is generated, you can send it to the Certificate Authority (CA) to obtain your SSL/TLS certificate.

2. Import the external certificate

Once validated, the CA will provide you with a certificate (domain.xyz.crt) and sometimes an intermediate certificate (ca_bundle.crt). To access SSL certificate management:

1. Click here to access your product management in the Infomaniak Manager (need help?).
2. Click directly on the name assigned to the relevant product.
3. Click on SSL Certificates in the left-hand menu.
4. Click the blue button Install a certificate:
   
5. Select the custom certificate option.
6. Click the Next button:
   
7. Import your certificate and private key, either by uploading the .crt and .key files or by copy-pasting.
8. Click Complete:
   

Alternative command to generate a self-signed certificate (optional)

If you want a local certificate for testing purposes or without going through a CA (not recommended for production), you can use this command:

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout domain.xyz.key -out domain.xyz.crt -addext “subjectAltName = DNS:domain.xyz, DNS:www.domain.xyz”

This generates both a self-signed certificate (domain.xyz.crt) and a private key (domain.xyz.key). However, self-signed certificates are not recognized as valid by browsers or public systems. They are only suitable for internal or development environments.