How Do Multi-Year SSL Certificate Subscriptions Work?
In 2020, several major browsers declared they would no longer support SSL certificates with an expiration date past 398 days (1 year plus a grace period). Certificate Authorities, such as our partner company Sectigo, were then no longer able to offer 2-year SSL certificates, since they would be rejected as invalid by browsers used by a large portion of the internet community.
While this change undoubtedly improves the security of the internet as a whole, it is an inconvenience for many website owners. Previously website owners could save some money by buying longer-term SSL certificates, which represented an overall lower cost than renewing their certificate every year.
As a result, Gandi has teamed up with Sectigo, our partnering Certificate Authority, to offer multi-year SSL certificate subscriptions. With multi-year subscriptions, you receive the cost benefit of paying for several years up front while still meeting the requirement of reissuing the certificate every year.
Warning
The multi-year subscription still requires you to reissue your SSL certificate every year. See below for more information.
You will receive reminder emails asking you to complete any needed steps starting 30 days before your current certificate expires. These emails will explain what steps you need to take to reissue your certificate. You can also go to the SSL section of your account at any time to view the current status of your SSL certificates, as well as find out what steps need to completed to reissue any expiring certificates.
After the end of your subscription period you will then need to renew your SSL certificate. When you renew you can choose to start another multi-year subscription and again pay for multiple years at once.
How to Purchase a Multi-Year Certificate
Follow the normal process for creating a SSL certificate and choose the 2-year option when it is presented to you.
How to Reissue a Multi-Year Certificate
Warning
For multi-year certificates, your old certificate will be revoked 48 hours after your certificate is reissued.
The steps required to reissue depend on the type of certificate you purchased. When you reissue, you are essentially doing a special regeneration of your certificate, and so the steps you used when you originally created your certificate will need to be repeated. Start by following these steps:
-
After logging in, click on “SSL Certificates” in the left navigation menu.
-
Click on the name of the certificate to see the information page for that certificate.
-
Click on the “Reissue” button.
-
Follow the instructions to complete the reissue of your certificate.
The instructions on how to complete the reissue will guide you through the process of regenerating a new certificate using the same process you used when you started. For example, if you use an automatically generated SSL certificate, you may not need to complete any additional steps. If you went through a verification process, you will need to repeat this process again.
The old certificate will be revoked 48 hours after the new certificate is reissued.