ACME SSL certificates
No stress SSL with ACME Automation
Stay a step ahead of cyber threats and never worry about manual mistakes with the fully automated ACME SSL protocol. Enjoy hands-off renewals and no expiration surprises: just select a subscription, add your domains, and enjoy continous protection.
From €15.99 / year
AUTOMATE YOUR SSLLEARN MORE
Explore our ACME SSL subscription options
All subscriptions are fully automated. Select OV or DV to match your organisation’s required level of trust, and add a wildcard to protect all subdomains with a single certificate.
Discover top-tier security with Sectigo
Designed to minimize errors
ACME Automation reduces the risk of manual mistakes leading to missed renewals or incorrect installations.
Compliant with Rising Standards
The new 47-day maximum validity standard for SSL certificates will require faster renewals. By automating now, you stay ahead.
Guaranteed continous protection
The ACME protocol eliminates manual steps, reducing gaps in your security by keeping your SSL certificate active at all times.
How to activate your SSL subscription
Choose Your Subscription
Select the number of domains you want to secure and decide whether you need a wildcard to protect subdomains. You can adjust your subscription as your domain portfolio evolves.
Configure Your Domains
Add the domains you want to protect and activate your ACME SSL subscription. For OV certificates, you’ll need to complete an organization profile for validation.
Set Up Your ACME Client
Install your preferred ACME client, such as Certbot, on your server or platform. Use your EAB credentials to securely connect it to the Sectigo ACME service.
Link Your ACME Account
Connect your ACME client to your subscription and request your first certificate. Once it’s issued, your setup is ready to use.
Enable Automatic Renewals
Configure automatic renewals so your certificates stay valid without manual effort. Your ACME client will handle renewals in the background before certificates expire.
Set-and-Forget Renewals
Certificates are issued and renewed automatically via ACME, reducing manual work and preventing costly expiry-related downtime.
Compliance-Ready OV Validation
Choose organization validation (OV) to add verified business identity and warranties that support audits, procurement, and security reviews.
Scalable Coverage for Complex Domains
SAN and wildcard support let you secure multiple hostnames and subdomains under fewer certificates, eliminating certificate sprawl.
Unlimited Issuance, No Surprises
Reissue and rotate certificates across environments as often as needed, without per-certificate fees or operational delays.
Guide
SSL certificates are changing. Are you ready?
Certificates lifetimes are getting shorter and expectations are rising. Why are these changes taking place, what dates do you need to keep in mind, and more importantly, is your business ready to meet the change?
- Know the key dates for SSL Certificates
- Different Types of Certificates & Which Is Best for You
- How ACME automation works
What is the right SSL certificate for you
Sectigo ACME SSL DV
Most basic SSL certificates for businesses that want control over the domain. They are quick to issue and are ideal for personal websites or blogs.
Sectigo ACME SSL OV
Provide an extra layer of trust by validating the organization's identity behind the domain. Best suited for websites where credibility is essential.
Sectigo ACME SSL DV | Sectigo ACME SSL OV | ||
|---|---|---|---|
| Price per year | €26.99 | €107.99 | |
| Wildcard price | €89.00 | €400.00 | |
| ACME compatible | √ | √ | Supports the ACME protocol for automated certificate issuance and renewal using standard ACME workflows. |
| Domains covered | 1 - 500 | 1 - 500 | Secure between 1 and 500 qualified domain names within a single certificate. |
| Multi-domain (SAN) | √ | √ | Add multiple hostnames or subdomains as Subject Alternative Names (SANs) under one certificate |
| Certificate Authority | Sectigo | Sectigo | Certificates are issued by Sectigo |
| Warranty | $500,000.00 | $1,000,000.00 | Includes financial protection from Sectigo against certain losses caused by certificate mis-issuance, up to the stated warranty amount. |
| Vendor refund policy | 30 days | 30 days | 30-day money-back guarantee if you are not satisfied with the certificate. |
| IP compatibility | √ | √ | Certificates can be deployed on services accessed via IP-based or name-based hosting configurations. |
| Unlimited certificates | √ | √ | Issue as many certificates as needed for covered domains without additional per-certificate licensing fees. |
| Automatic certificate renewals | √ | √ | Set-and-forget automation ensures your certificates never expire unexpectedly. |
| Third-party ACME compatibility | Certbot, Acme.sh, Caddy, win-acme and others... | Certbot, Acme.sh, Caddy, win-acme and others... | Works with any ACME-supported client for fully automated certificate deployment. |
| Validation time | 1 hour | same as SAN OV SSL | Typical time to complete domain and/or organization validation once required actions are performed. |
| Issuance time | Immediate | Immediate | Certificates are issued immediately after successful validation and order approval. |
| Organisation pre-validation | X | √ | Pre-validate organization identity so subsequent OV certificate orders can be issued more quickly. |
| Compatibility | √ | √ | Fully tested with major web servers and platforms to ensure smooth ACME enrollment and installation. |
| Server licenses / installations | Unlimited | Unlimited | No per-server licensing—deploy the same certificate to unlimited servers, instances, and load balancers. |
| Free alternate domain | √ | √ | Includes a free matching www SAN (e.g., example.com plus www.example.com ) with each certificate. |
| Wilcard option support | √ | √ | Option to issue wildcard certificates (e.g., *.example.com ) to secure all first-level subdomains under a base domain. |
| EAB support | √ | √ | Supports External Account Binding (EAB) for controlled ACME account enrollment and tenant or account isolation. |
Expand your domain portfolio and secure it easily
Use the search bar below to find for the perfect domain name. Then automate its security using your ACME SSL subscription.
FAQs
What’s an SSL certificate?
Secure Sockets Layer (SSL) is a protocol for website security. It protects online communication and transactions using the strongest encryption available. An SSL certificate validates the identity of your website, rather like a passport. Once activated it displays a padlock icon and https:// in your URL. These trust indicators let your customers know that your site is genuine, protected, and private.
Why use SSL?
As an online retailer, it’s your duty to protect the information that your customers share with you. An SSL certificate on your website scrambles or encrypts the traffic between a web server and a web browser. This means your customers' personal information is secure. Without SSL, any computer can intercept and steal credit card numbers, usernames, and passwords.
Google has stated that HTTPS will be a ranking signal. Excellent news - it means your website’s page ranking will be boosted if you have an SSL certificate.
Which websites need SSL?
All of them, but some sites are more vulnerable than others such as financial institutions, big-name brands, and government entities. You must use SSL protection if your website is PCI compliant and accepts payment cards, or does any of the following:
- Banking sites asking for financial information.
- If your website accepts payment cards (American Express, Diners Club International, MasterCard, Visa. Including credit, debit, prepaid, and gift cards), you have to comply with the credit card associations' rules about data security. The goal being to protect cardholder data. This has been standardised under the Payment Card Industry Data Security Standard (PCI DSS). If you don’t use an SSL certificate on your website, you won’t be complying with the PCI standards.
- Your website asks customers to provide personal or sensitive information such as email addresses, social security numbers, medical records, and passport numbers.
- You have login forms on your website asking users to enter their username and password.
- Your site provides webmail where users can login and read email in a secure environment.
- There are subscription pages for newsletters, mailing lists, etc.
What's a wildcard SSL certificate?
The wildcard applies to the InstantSSL DV, Domain, and Organisation SSL certificates. The certificates are issued for the domain name specified in the initial application. If you buy a wildcard with one of these three certificates, it means that the common name specified is *.yourdomainname.com. You can then use the certificate on an unlimited number of subdomains and servers. You also have the option to add in the future.
If you need to secure multiple subdomains on a single domain name, you can buy a wildcard. For a wildcard SSL certificate, a common name of *.yourdomainname.com would secure www.yourdomainname.com, mail.yourdomainname.com, secure.yourdomainname.com, etc...
What is the ACME protocol?
ACME (Automated Certificate Management Environment) enables SSL certificates to be issued, installed, renewed, and replaced automatically—without human intervention.
Sectigo ACME SSL certificates:
- Eliminate manual certificate requests and renewals.
- Prevent downtime caused by expired certificates.
- Ensure continuous HTTPS protection.
- Scale easily across domains and servers.
This makes ACME-based SSL ideal for businesses, developers, and hosting environments where reliability and automation are critical.
Do I need to download a CSR with the ACME protocol?
In ACME-based SSL, CSR generation and certificate requests are handled automatically by your system or hosting platform.
You don’t need to manually create, submit, or manage CSRs. Keys are generated securely, and certificates are issued and renewed in the background—reducing configuration errors and improving security.
Why do Extended Validation certificates take longer to issue?
It’s because the audit and validation process for the EV SSL certificate isn’t automated and the background checks are meticulous. It’s the price you pay for super-protection, but it’s worth it.
Is Sectigo a Trusted Certificate?
Yes, Sectigo SSL certificates are trusted by all major browsers and operating systems. Sectigo is a well-recognized Certificate Authority (CA) that adheres to stringent security standards, ensuring that your website remains secure and trusted by users globally.
What is Warranty for SSL?
A warranty for an SSL certificate is a financial guarantee provided by the Certificate Authority (CA) that covers certain damages or losses if the SSL certificate fails to function as expected. This warranty typically includes:
- Coverage: It often covers financial losses resulting from security breaches or fraud due to certificate mis-issuance or failure.
- Amount: The warranty amount can vary depending on the CA and the type of certificate, ranging from thousands to millions of dollars.
- Terms: Specific conditions and procedures must be followed to claim the warranty, including proof of the breach and that it resulted from the certificate's failure.
What is CaaS (Certificate As A Service?)?
Certificate as a Service (CaaS) is a fully automated SSL/TLS subscription that handles certificate issuance, renewal, and rotation for you. It's another term used to describe certificates that follow the ACME protocol.
What should I do if I no longer need to secure a domain?
You can remove a domain from your ACME SSL subscription at any time.
- Removing a domain will not generate a refund.
- If the same domain is added again later, it will be treated as a new domain and billed accordingly.
- Upon renewal, the subscription will reflect the updated number of domains (i.e., one fewer domain).
We recommend reviewing your domain list before renewal to ensure your subscription matches your current needs.
Does ACME SSL support OV certificates?
Yes.
The ACME protocol does not perform organization validation itself, but it can be used to issue an Organization Validation (OV) certificate once the company has been validated by the certificate authority.
To use OV certificates with ACME:
- An ACME SSL OV subscription is required.
- Your organization must be validated before configuring the ACME account.
- Once validated, certificate issuance and renewal can be automated via ACME.
This means OV certificates benefit from the same automation capabilities as DV certificates.
How often does the organization need to be verified for ACME SSL OV certificates?
Organization validation for OV certificates is typically done once per year, just like traditional (manual) OV SSL certificates issued by Sectigo. This annual validation requirement does not affect ACME automation. Once the organization is validated, certificate issuance and renewal continue automatically through the ACME workflow.
What is the difference between a SAN certificate and an ACME subscription?
A SAN certificate is a multi-domain SSL/TLS certificate. It allows you to secure multiple domains and subdomains with a single certificate.
An ACME certificate automation subscription is not a type of certificate. It is an automated service based on the ACME protocol for issuing and renewing SSL certificates. Its pricing depends on the number of domains covered, not on each individual certificate.
Is External Account Binding (EAB) mandatory?
Yes. For Sectigo certificates issued via ACME, EAB is required for both DV and OV subscriptions. It enables a secure connection between your ACME client and your account using pre-registered credentials. Your EAB details will be available in your dashboard once your license token is activated.