How Do Multi-Year SSL Certificate Subscriptions Work?¶
In 2020, several major browsers declared they would no longer support SSL certificates with an expiration date past 398 days (1 year plus a grace period). Certificate Authorities, such as our partner company Sectigo, were then no longer able to offer 2-year SSL certificates, since they would be rejected as invalid by browsers used by a large portion of the internet community.
While this change undoubtedly improves the security of the internet as a whole, it is an inconvenience for many website owners. Previously website owners could save some money by buying longer-term SSL certificates, which represented an overall lower cost than renewing their certificate every year.
As a result, Gandi has teamed up with Sectigo, our partnering Certificate Authority, to offer multi-year SSL certificate subscriptions. With multi-year subscriptions, you receive the cost benefit of paying for several years up front while still meeting the requirement of reissuing the certificate every year.
Warning
The multi-year subscription still requires you to reissue your SSL certificate every year. See below for more information.
You will receive reminder emails asking you to complete any needed steps starting 30 days before your current certificate expires. These emails will explain what steps you need to take to reissue your certificate. You can also go to the SSL section of your account at any time to view the current status of your SSL certificates, as well as find out what steps need to completed to reissue any expiring certificates.
After the end of your subscription period you will then need to renew your SSL certificate. When you renew you can choose to start another multi-year subscription and again pay for multiple years at once.
How to Purchase a Multi-Year Certificate¶
Follow the normal process for creating a SSL certificate and choose the 2-year option when it is presented to you.
How to Reissue a Multi-Year Certificate¶
Warning
For multi-year certificates, your old certificate will be revoked 48 hours after your certificate is reissued.
The steps required to reissue depend on the type of certificate you purchased. When you reissue, you are essentially doing a special regeneration of your certificate, and so the steps you used when you originally created your certificate will need to be repeated. Start by following these steps:
After logging in, click on “SSL Certificates” in the left navigation menu.
Click on the name of the certificate to see the information page for that certificate.
Click on the “Reissue” button.
Follow the instructions to complete the reissue of your certificate.
The instructions on how to complete the reissue will guide you through the process of regenerating a new certificate using the same process you used when you started. For example, if you use an automatically generated SSL certificate, you may not need to complete any additional steps. If you went through a verification process, you will need to repeat this process again.
The old certificate will be revoked 48 hours after the new certificate is reissued.
Frequent Questions about Multi-Year Certificates¶
Why does my certificate now only last one year?¶
The companies behind several of the most common internet browsers decided they will no longer accept 2 year certificates as valid starting in September of 2020. This means that a 2-year certificate will be rejected and your site will be treated by these browsers as if there were no SSL certificate at all. For this reason, 2-year certificates are no longer viable as a product.
What about my old 2-year SSL subscription? Is it still valid?¶
Two-year SSL certificates purchased before September 1, 2020 will remain valid and be accepted by all browsers throughout the two years of the original subscription. Only SSL certificates created after this date will be rejected as invalid by browsers.
If the certificate only lasts one year, how can I subscribe for multiple years?¶
When you purchase a multi-year subscription you are essentially buying a volume discount. You can pay for multiple years at once and enjoy a lower price. You will still need complete any necessary steps to reissue the certificate every year.
What is the maximum length of subscription available?¶
At first we will offer a subscription for up to 2 years. We hope to lengthen this offer in the future.
What do I need to do to reissue my certificate when it is time?¶
You can find the steps to reissue a certificate in the above section.
Why do I need to verify my identity every year, when I already proved my identity previously?¶
The identity verification is intended to prove that your business is still operating and that the contact information provided is currently correct. Although going through identity verification can take some work on your part, verifying your business is still running and can be reached at the provided contact details is one of the key purposes of an SSL certificate. Requiring more frequent verification protects your business from being impersonated by bad actors, and likewise protects your customers as well.
Before this change, you would still need to go through the verification process every time you renewed your SSL certificate. The only change is that this now must be done every year instead of every other year.
Can I cancel my subscription?¶
As with all our SSL certificates, you have a 30 day guarantee. If you are dissatisfied for any reason please contact our support team within 30 days of your purchase and we may be able to provide a refund.
Unfortunately, no cancellation or refund is possible 30 days after the initial purchase of a multi-year certificate.