A CSR or Certificate Signing Request is required when ordering a HTTPS certificate. You can generate a CSR on your own server. The way to do this will depend on your server software or operating system. We provide some guides here.

You can also use our CSR generator available on the Servertastic Tools website.

Make sure you save the private key when the CSR is generated as nobody else will have a copy of this.

Before the certificate can be issued you must be able confirm you have control of the domain. This is called Domain Control Validation. There are three options available to do this automatically.

Email Validation

During your order you are presented with a predefined list of email addresses. Select one of these email addresses and the system will send an email with an approver link. You must click this link and then “I approve” on the website.

The following addresses are available to choose from:

• admin@

• administrator@

• hostmaster@

• root@

• webmaster@

• postmaster@

File Authentication

This method is recommended as it is usually the easiest and fastest as you do not have to wait for DNS propagation or deal with email system delays.

You will then be given the name of a file and a secret random string. You should upload the file to the location and with the name specified. The file contents should contain nothing but the random string.

Once the order is completed you can delete the file.

DNS Authentication

You will need to be able to create a TXT or CNAME record for your domain. The details to enter into the TXT/CNAME record will be supplied as part of the order process.

When making changes to your DNS records it can sometimes take a few hours for the DNS changes to propagate even after adding the records.

The CAB Forum has voted to update the maximum certificate lifetimes supported by browsers. This will impact all certificates that require to be trusted in browsers issued by any CA. The main push for these changes has come from Apple.

The advantage of shorter lifespans for certificates is the security improvements. It is likely to lead to the eventual removal of OCSP and much smaller CRLs both checks which can slow down browsers.

The proposed changes to certificate lifetimes are as follows

From today until March 15, 2026, the maximum lifetime for a TLS certificate is 398 days.
As of March 15, 2026, the maximum lifetime for a TLS certificate will be 200 days. As of March 15, 2027, the maximum lifetime for a TLS certificate will be 100 days. As of March 15, 2029, the maximum lifetime for a TLS certificate will be 47 days.

Ultimately this will lead to a major push to automate certificate issues. We already offer an API to allow for customers to automate the ordering and delivery of their HTTPS/TLS certificate. Some customers have integrated with the console to complete the automation process.

We are developing in partnership with our providers a process using the ACME protocol and we will be making this available to customers and resellers. The ACME protocol will allow for the complete automation of certificate issuance. This will be provided via a CaaS (Certificate as a Service) subscription.

Updates will be provided on how we will implement the CaaS and the options availabel to resellers.

Any certificates you purchase now will still remain valid and can be reissued until the end of the order expiry date. We will offer long term certificates the opportunity to transition to the CaaS model.

An Extended Validation (EV) certificate is a type of HTTPS/TLS certificate that does more than just secure your website—it also proves your business is real and trustworthy.

With an EV certificate, the Certificate Authority (CA) doesn’t just check that you own the domain—it also verifies your company’s legal name, registration, physical location and the person requesting is a full time employee of the organisation.

You’ll still get the padlock in the browser, just like with a basic certificate, but behind the scenes, users can view your verified business details. It’s a great way to boost trust—especially if you collect personal information, process payments, or work with other businesses.

You will receive an order link which will allow you to manage your order. You can use this link to configure your order and manage all aspects of your order at anytime.

For HTTPS certificates you will need to supply a CSR which will be used to generate your public certificate. You must also prove control of the domain using either HTTPS, DNS or EMAIL.

A multi-domain certificate (also known as an SAN certificate, short for Subject Alternative Name) lets you secure multiple websites with a single HTTPS/TLS certificate.

Unlike a wildcard certificate (which covers one domain and its subdomains), a multi-domain certificate can cover completely different domain names—like:

• yourbusiness.com

• yourbusiness.co.uk

• yourshop.net

• partnersite.org

You don’t need separate certificates for each site—just one to manage and renew.

A wildcard certificate is a special type of HTTPS/TLS certificate that secures your main website and all its subdomains—with just one certificate.

Let’s say your main domain is:

yourbusiness.com

A wildcard certificate would also cover:

• www.yourbusiness.com

• shop.yourbusiness.com

• mail.yourbusiness.com

• blog.yourbusiness.com

• And any other subdomain you create!

The wildcard part is the asterisk (*) in the domain name—so the cert is issued for *.yourbusiness.com.

When you buy an HTTPS/TLS certificate, it often comes with a warranty—but don’t worry, this isn’t something you need to register or pay extra for. It’s basically a promise from the certificate authority (CA) that if they ever issue a certificate incorrectly and it causes financial loss to your customers, the CA will cover the damages—up to a certain amount.

Think of it like a safety net. You’re not expected to need it, but it’s there to build trust and reassure your customers that your security is backed by more than just good intentions.

The amount of the warranty varies depending on the type of certificate—basic ones might offer $10,000, while high-assurance or EV (Extended Validation) certificates can come with $1,000,000 or more.

If you want top-tier website security backed by a global reputation, DigiCert is hard to beat. They’re the go-to choice for some of the world’s biggest brands—and for good reason:

World-class reputation
DigiCert is trusted by banks, governments, and Fortune 500 companies—but they also offer solutions perfect for small businesses that want serious credibility. Choosing DigiCert says, “We don’t cut corners on security.”

Ultra-strong encryption
All DigiCert certificates offer the highest levels of encryption and security protocols—so your customer data stays safe, and your site meets even the strictest compliance standards.

Faster validation
DigiCert is known for lightning-fast issuance times—even for higher-level certificates like EV (Extended Validation) or OV (Organisation Validation). That means less waiting, more securing.

Maximum compatibility
DigiCert certs work flawlessly across every major browser, mobile device, and platform. You’ll never lose trust due to a padlock error or security warning.

Big warranties, big confidence
With warranties up to $2 million, you and your customers are protected in the unlikely event of a certificate authority error. That’s not just a padlock—it’s a promise.