How Do Multi-Year SSL Certificate Subscriptions Work?¶
- How to Purchase a Multi-Year Certificate
- How to Reissue a Multi-Year Certificate
- Frequent Questions about Multi-Year Certificates
- Why does my certificate now only last one year?
- What about my old 2-year SSL subscription? Is it still valid?
- If the certificate only lasts one year, how can I subscribe for multiple years?
- What is the maximum length of subscription available?
- What do I need to do to reissue my certificate when it is time?
- Why do I need to verify my identity every year, when I already proved my identity previously?
- Can I cancel my subscription?
In 2020, several major browsers declared they would no longer support SSL certificates with an expiration date past 398 days (1 year plus a grace period). Certificate Authorities, such as our partner company Sectigo, were then no longer able to offer 2-year SSL certificates, since they would be rejected as invalid by browsers used by a large portion of the internet community.
While this change undoubtedly improves the security of the internet as a whole, it is an inconvenience for many website owners. Previously website owners could save some money by buying longer-term SSL certificates, which represented an overall lower cost than renewing their certificate every year.
As a result, Gandi has teamed up with Sectigo, our partnering Certificate Authority, to offer multi-year SSL certificate subscriptions. With multi-year subscriptions, you receive the cost benefit of paying for several years up front while still meeting the requirement of reissuing the certificate every year.
The multi-year subscription still requires you to reissue your SSL certificate every year. See below for more information.
You will receive reminder emails asking you to complete any needed steps starting 30 days before your current certificate expires. These emails will explain what steps you need to take to reissue your certificate. You can also go to the SSL section of your account at any time to view the current status of your SSL certificates, as well as find out what steps need to completed to reissue any expiring certificates.
After the end of your subscription period you will then need to renew your SSL certificate. When you renew you can choose to start another multi-year subscription and again pay for multiple years at once.
Follow the normal process for creating a SSL certificate and choose the 2-year option when it is presented to you.
The steps required to reissue depend on the type of certificate you purchased.
Go to the SSL section of your account and find the SSL certificate you need to reissue. Click on the certificate and you will find instructions on what steps you need to take to reissue your certificate.
The companies behind several of the most common internet browsers decided they will no longer accept 2 year certificates as valid starting in September of 2020. This means that a 2-year certificate will be rejected and your site will be treated by these browsers as if there were no SSL certificate at all. For this reason, 2-year certificates are no longer viable as a product.
Two-year SSL certificates purchased before September 1, 2020 will remain valid and be accepted by all browsers throughout the two years of the original subscription. Only SSL certificates created after this date will be rejected as invalid by browsers.
When you purchase a multi-year subscription you are essentially buying a volume discount. You can pay for multiple years at once and enjoy a lower price. You will still need complete any necessary steps to reissue the certificate every year.
At first we will offer a subscription for up to 2 years. We hope to lengthen this offer in the future.
The steps to reissue your certificate depend on the type of certificate you purchase. Generally, whatever steps are needed to issue the certificate the first time will be needed every year.
If you have a fully automated certificate on a Simple Hosting instance with no identify verification required, we can reissue your certificate automatically with no action from you.
If you have an automated certificate on a Simple Hosting instance that requires identity verification, such as with our Pro and Business certificates, then the only step you need to complete is to go through the same identity verification process.
If you have generated your own CSR, such as for use on a website not hosted by Gandi, then you will need to submit a new CSR every year.
You can check what is required by looking up your SSL certificate in the SSL section of your account.
The identity verification is intended to prove that your business is still operating and that the contact information provided is currently correct. Although going through identity verification can take some work on your part, verifying your business is still running and can be reached at the provided contact details is one of the key purposes of an SSL certificate. Requiring more frequent verification protects your business from being impersonated by bad actors, and likewise protects your customers as well.
Before this change, you would still need to go through the verification process every time you renewed your SSL certificate. The only change is that this now must be done every year instead of every other year.
As with all our SSL certificates, you have a 30 day guarantee. If you are dissatisfied for any reason within 30 days of your purchase you can contact our support team and ask for a refund.
If you wish to cancel a multi-year SSL certificate subscription past the first 30 days, contact our support team.