Skip to main content

SSL certificates

An SSL certificate is used to encrypt your website. It provides a secure connection to your website and your online store. An SSL certificate is required for certain markets and for receiving the Trusted Shops certification. You know you’re using an SSL certificate if your website is accessed via https.

1. Which SSL certificates are available?

SSL certificates are offered by independent certificate providers. plentymarkets offers 2 types of SSL certificates:

Type Explanation

AlwaysOn 

  • cheapest SSL certification model

  • issued by DigiCert

  • Length of validity:

    • 6 months

  • Renewal:

COMODO 

  • globally recognised and trusted certification authority.

  • the certification authority is liable in the event of misuse or loss of data.

  • Length of validity:

    • a duration of 1 or 2 years is chosen while placing the order.

    • for newly ordered certificates, the validity period begins when the certification authority confirms the order.

    • remaining validity cannot be transferred from the previous certificate.

  • Renewal:

    • not automatically renewed

    • should be renewed at the end of the validity period (minimum 1 year).

    • A reminder email is sent to the hostmaster address 14 days before the certificate officially expires.

    • It’s also possible to receive email reminders. The LetsMonitor.org  service is a free option.

SSL certification pricing model

The SSL certificate is provided for a monthly fee of €2 plus the cost of the SSL certificate.

This results in the following annual costs per model in ascending order:

Certificate Calculation Annual cost *

AlwaysOn

12*2 + 12*0

€24

COMODO 2 years

12*2 + 1*59.50/2

€53.75

COMODO 1 year

12*2 + 1*35.70

€59.70

*All prices are listed in net.

2. Prerequisites for booking an SSL certificate

2.1. Domain

It’s only possible to order an SSL certificate for a primary domain. In other words, the domain must be listed as a primary domain in the menu Setup » Assistants » Basic setup » Domain assistant.

Tip: Look at your domains with the table view. This will help you recognise which one is the primary domain.

Primary Domain
Figure 1. Domain assistant with the table view

If you want to set up an SSL certificate for a different domain, you will have to set this domain as your main domain first.

It’s not possible to order an SSL certificate if the corresponding domain is defined as external (i.e. it refers to an external IP address).

external domain

2.2. Active autoscaling

A few systems have not been switched to autoscaling  (AS). In most cases, this is because the domain is not hosted by plentymarkets. As such, the domain owner must adjust the DNS settings manually. Another cause might be that the domain was added to a client for the first time. These clients are not automatically switched to autoscaling. The plentymarkets support team needs to manually activate autoscaling.

How can I tell if AS is activated?

Look at the DNS settings in the domain assistant to see whether AS is activated for the particular system.

Checking the autoscaling status:

  1. Open the domain assistant and navigate to the step Current DNS Settings.
    Note: This step only appears if you selected Add a new domain, hosted externally in the step Domain type.

  2. In the column DNS Record Type, check if a CNAME entry exists for the domain.
    → If a CNAME entry exists, autoscaling is active. An SSL certificate can be ordered.
    → If no CNAME entry exists, but rather two A records, autoscaling is not active.

  3. If autoscaling is not active, contact the plentymarkets support via the plentymarkets Forum  and ask them to activate autoscaling. The thread is in German, but the support staff can also speak English.

Example of the DNS settings shown for a system on AS:

current dns settings

2.3. For subdomains: Existing parent domain

If you want to order an SSL certificate for a subdomain, then the parent domain must also exist in the assistant. The relationship between the domain and subdomain must also be entered correctly in the assistant. Check the settings in the assistant.

If the parent domain was deleted from the assistant, then create the parent domain again. If you do not want this parent domain to point to plentymarkets, but rather e.g. to Showare, then save an external A record for the parent domain by creating a system link.

2.4. For external domains: DNS settings

The SSL order is validated on a file level. This means that the domain for which the certificate is to be ordered must be accessible correctly.

  • The DNS settings saved for the external provider must be identical to the DNS settings saved in the assistant.
    → Check the settings in the service area of your domain provider.

  • The domain that the SSL certificate is being ordered for must not have an IPv6 entry (AAAA record).
    → Check the settings in the service area of your domain provider.

  • Any existing CAA records  must allow the certificate to be ordered for the chosen domain.
    → Check the settings in the service area of your domain provider.

2.5. Remove 301 redirects for '/'

Open the domain assistant for the particular domain and make sure there is no 301 redirect for the homepage, as shown in the following example:

/;Target-URL;301;L

/*;Target-URL;301;L

^/*;Target-URL;301;L

2.6. No manually created sub-domain for www.

A manually created sub-domain for www.yourDomain.tld prevents the SSL certificate from being issued, since it would create a duplicate DNS entry for www. If you manually created such a sub-domain, you will need to delete it.

2.7. Check list

Ready to order an SSL certificate? Work through this checklist to make sure that you’ve met all of the requirements.

  • Domain has not been cancelled

  • Domain is a primary domain

  • Domain has been switched to AutoScaling (AS)

  • For sub-domains: there is an existing parent domain

  • The DNS settings match the entries in the domain assistant

  • There is no AAAA record for whichever domain the certificate should be ordered

  • There is no negative CAA record

  • There is no 301 redirect for the homepage

  • There is no manually created sub-domain for www.

3. Ordering an SSL certificate

Once you’ve met all of the requirements, you can order an SSL certificate. plentymarkets orders the SSL certificate on your behalf and bills you for the one-off purchase price and the monthly fee.

Buying an SSL certificate:

  1. Go to Setup » Client » Select client » SSL.
    → The domain’s certificates are displayed.

  2. In the row Order new SSL for domain: [domain name], click on the down arrow to the right.
    → The SSL certificates that are available for the domain are displayed.

  3. Check the available SSL certificates.

  4. Click on Order SSL certificate in the line of the SSL certificate that you want to book.
    → The SSL certificate is ordered.
    Note: It can take up to 2 hours for the SSL certificate to be activated.

  5. Delete the browser cache.

  6. Optional: Delete the DNS cache.

    1. Click the shortcut key Windows key + R.

    2. Enter CMD and press Enter.

    3. Enter the command ipconfig /flushdns.
      → The DNS cache is cleared.

When is the order complete?

The order process is only finished when the status in the backend says "Complete". Any messages that include the word "challenge…​" mean that the order is still being processed. Refer to the FAQ if the order status is stuck in "challengeSolved".

4. Renewing an SSL certificate

SSL certificates must be renewed, i.e. reordered, before they expire. Even if you already have an SSL certificate, you will still need to order a new certificate before it expires. You will need to select a certificate provider and duration every time you order an SSL certificate.

Checking the expiration date of an SSL certificate:

  1. Go to Setup » Client » Select client » SSL.
    → You will see a table with the domain’s certificates.

  2. The column Valid until shows you when the certificate expires.

5. Frequently Asked Questions (FAQ)

  1. Which domain should I order the SSL certificate for?

    1. You order the SSL certificate for your main domain, i.e. the domain that is listed as the primary domain in the menu Setup » Assistants » Basic setup » Domain assistant. If you want to set up an SSL certificate for a different domain, you will have to set this domain as your main domain first.

    2. You can continue to have a domain hosted externally and save the DNS settings with this external provider. However, the SSL certificate needs to be saved close to the system. This means that even if the domain is hosted externally, the actual encoding is done directly in the system after the domain forwarding via IP address is carried out. As such, it is not possible to use an external SSL certificate. The SSL certificate needs to be ordered from plentymarkets.

    3. You cannot order SSL certificates for cancelled domains, start-up domains and test domains, i.e. domains with names that contain plenty-testdrive.eu, plentymarkets-x1.com etc.

  2. What will happen if I change the primary domain?

    1. SSL certificates are linked to a domain. This means, for example, that if the main domain is changed, then the current certificate will be deactivated, because there is a new main domain without a certificate. Deactivated doesn’t mean deleted. If you switch the main domain back to whichever domain already had an SSL certificate, then it can be re-activated, assuming that the SSL certificate hasn’t expired.

  3. Can I take the SSL certificate with me if I move my domain?

    1. You cannot take an SSL certificate with you when moving your domain to plentymarkets. Due to technical limitations, it’s only possible to order within our public key infrastructure . This applies to both directions. It’s true when moving from external to plentymarkets or from plentymarkets to external. An SSL certificate that you booked with plentymarkets needs to be saved close to the system. Therefore, you cannot take it with you when moving your domain. It is not possible to export the certificate data (secret private key). It is also not possible to “transfer” an SSL certificate from one domain (ID) to another.

  4. Do I need a hostmaster mailbox?

    1. No, you do not need a hostmaster@yourDomain.tld mailbox to purchase an SSL certificate.

  5. Can wildcard SSL certificates be issued?

    1. No, so-called wildcard SSL certificates cannot be issued in our infrastructure.

  6. How long does it take for the SSL certificate to be activated?

    1. Once you’ve ordered a new certificate, it will need to be published during a regularly scheduled system process. This can take up to 120 minutes.

    2. In rare cases, the certification authority performs a quality control before they activate the SSL certificate. Therefore, check the confirmation message displayed on the screen. Normally, quality control takes up to 24 hours. If the status in the back end is not “Complete” after 24 hours, then contact the support team in the forum and specify which domain is affected.

  7. I ordered my certificate several hours ago, but my website still isn’t classified as secure. What can I do?

    1. Option 1: Once the order has received the status “Complete” in the back end, the local browser cache must be deleted in order to update the certificate.

    2. Option 2: There might be a problem with your domain’s availability and therefore the certificate cannot be issued correctly. You can check whether it’s possible to install LetsEncrypt for your domain on the following page: https://letsdebug.net/ 
      Validation method: HTTP-01. If an error message is displayed there, you can report it to us in the forum so that we can check the situation.

  8. I want to switch from COMODO to AlwaysOn. What should I keep in mind?

    1. If you order AlwaysOn while you already have an active SSL certificate from COMODO (aka RapidSSL), then the COMODO certificate will be replaced by the AlwaysOn certificate. The “old” certificate will not be deleted, but rather deactivated. The plenty-Core team  can re-activate the certificate, assuming it has not expired. The domain might be classified as "not secure" for a maximum of one hour if the AlwaysOn certificate was just ordered, since it needs to be requested, generated and installed after the order is placed. Once the order has received the status “Complete” in the back end, the local browser cache must be deleted in order to update the certificate.

  9. The order status is stuck in “challengeSolved”. How can I fix this problem?

    1. Check whether you’ve met all of the requirements for successfully ordering an SSL certificate. If you’ve met all of the requirements, but the status is still stuck in "challengeSolved", then contact the plenty-Core team in the forum .

To top