Skip to main content

SSL certificates

An SSL certificate is used to encrypt your website. It provides a secure connection to your website and your online store. An SSL certificate is required for certain markets and for receiving the Trusted Shops certification. You know you’re using an SSL certificate if your website is accessed via https.

plentymarkets includes an assistant that helps you order and manage manage your SSL certificate. Please note that such tasks are usually completed by a system administrator. This page is quite technical since it serves as a reference for system administrators and helps them complete their administrative tasks in plentymarkets.

1. Which SSL certificates are available?

SSL certificates are issued by independent certification authorities. plentymarkets offers different types of SSL certificates:

Type Explanation

DV

  • DV = Domain Validation.

    • DV certificates are very common.

    • They are verified by the domain name only.

  • cheapest SSL certification model

  • issued by DigiCert

OV

  • OV = Organizational Validation

    • OV certificates entail a more comprehensive verification process, but they also provide more trust.

    • The certificate authority verifies the company. In doing so, details such as the company name, location and address are compared with information from the commercial register.

  • mid-range certification model

  • issued by CertCenter

EV

  • EV = Extended Validation

    • EV certificates entail the most comprehensive verification process, but they’re also considered to be the most secure and trustworthy solution.

    • The certificate authority completes a validation process specified by CA/Browser Forum .

  • most secure and trustworthy certification model

  • issued by CertCenter

Breakdown of prices

Comodo InstantSSL
OV
Comodo Positive
EV
AlwaysOnSSL
DV
RapidSSL Standard
DV

Validity period

12 months

12 months

3 months

12 months

Monthly fee

€2

€2

€2

€2

Cost of the SSL certificate

€118.80

€348

€0

€35.70

One-time setup fee

€29

€99

€0

€0

All prices are listed in net.

2. Prerequisites for booking an SSL certificate

2.1. Domain

It’s only possible to order an SSL certificate for a primary domain. In other words, the domain must be listed as a primary domain in the menu Setup » Assistants » Basic setup » Domain assistant.

Tip: Look at your domains with the table view. This will help you recognise which one is the primary domain.

Primary Domain
Figure 1. Domain assistant with the table view

If you want to set up an SSL certificate for a different domain, you will have to set this domain as your main domain first.

It’s not possible to order an SSL certificate if the corresponding domain is defined as external (i.e. it refers to an external IP address).

external domain

2.2. Active autoscaling

A few systems have not been switched to autoscaling  (AS). In most cases, this is because the domain is not hosted by plentymarkets. As such, the domain owner must adjust the DNS settings manually. Another cause might be that the domain was added to a client for the first time. These clients are not automatically switched to autoscaling. The plentymarkets support team needs to manually activate autoscaling.

How can I tell if AS is activated?

Look at the DNS settings in the domain assistant to see whether AS is activated for the particular system.

Checking the autoscaling status:

  1. Open the domain assistant and navigate to the step Current DNS Settings.
    Note: This step only appears if you selected Add a new domain, hosted externally in the step Domain type.

  2. In the column DNS Record Type, check if a CNAME entry exists for the domain.
    → If a CNAME entry exists, autoscaling is active. An SSL certificate can be ordered.
    → If no CNAME entry exists, but rather two A records, autoscaling is not active.

  3. If autoscaling is not active, contact the plentymarkets support via the plentymarkets Forum  and ask them to activate autoscaling. The thread is in German, but the support staff can also speak English.

Example of the DNS settings shown for a system on AS:

current dns settings

2.3. For subdomains: Existing parent domain

If you want to order an SSL certificate for a subdomain, then the parent domain must also exist in the assistant. The relationship between the domain and subdomain must also be entered correctly in the assistant. Check the settings in the assistant.

If the parent domain was deleted from the assistant, then create the parent domain again. If you do not want this parent domain to point to plentymarkets, but rather e.g. to Showare, then save an external A record for the parent domain by creating a system link.

2.4. For external domains: DNS settings

The SSL order is validated on a file level. This means that the domain for which the certificate is to be ordered must be accessible correctly.

  • The DNS settings saved for the external provider must be identical to the DNS settings saved in the assistant.
    → Check the settings in the service area of your domain provider.

  • The domain that the SSL certificate is being ordered for must not have an IPv6 entry (AAAA record).
    → Check the settings in the service area of your domain provider.

  • Any existing CAA records  must allow the certificate to be ordered for the chosen domain.
    → Check the settings in the service area of your domain provider. The necessary CAA record is as follows:

DNS Source DNS Record Type DNS Target

@

CAA

issue digicert.com

2.5. Remove 301 redirects for '/'

Open the domain assistant for the particular domain and make sure there is no 301 redirect for the homepage, as shown in the following example:

/;Target-URL;301;L

/*;Target-URL;301;L

^/*;Target-URL;301;L

2.6. No manually created sub-domain for www.

A manually created sub-domain for www.yourDomain.tld prevents the SSL certificate from being issued, since it would create a duplicate DNS entry for www. If you manually created such a sub-domain, you will need to delete it.

2.7. Check list

Ready to order an SSL certificate? Work through this checklist to make sure that you’ve met all of the requirements.

  • Domain has not been cancelled

  • Domain is a primary domain

  • Domain has been switched to AutoScaling (AS)

  • For sub-domains: there is an existing parent domain

  • The DNS settings match the entries in the domain assistant

  • There is no AAAA record for whichever domain the certificate should be ordered

  • There is no negative CAA record

  • There is no 301 redirect for the homepage

  • There is no manually created sub-domain for www.

3. Ordering an SSL certificate

Once you’ve met all of the requirements, you can order an SSL certificate. plentymarkets orders the SSL certificate on your behalf and bills you for the one-off purchase price and the monthly fee.

Only one SSL certificate for the domain

A domain can only have one SSL certificate. Example: If your domain already has an SSL certificate and you order a new one, then the new certificate will overwrite the existing one.

3.1. Completing the SSL assistant

  1. Go to Setup » Assistants » Basic setup.

  2. Click on the SSL management assistant.
    → If you’ve already configured SSL certificates, then you’ll see them listed here.

  3. Click on an existing SSL certificate to open its settings. Or click on New configuration ().

  4. Complete each step of the assistant. Note Table 1.

  5. OV and EV certificates: Once you’ve placed the order in the assistant, you’ll still need to complete a validation process.

ssl assistant
Table 1. Steps of the SSL assistant
Setting Explanation

Step: Certificate

Current SSL

This area is purely informative. Here you can see e.g. which certificate you’re currently using and when it expires.

Select a certificate

Choose the desired SSL certificate.

Automatic renewal

Activate this option () if you want the SSL certificate to automatically be renewed at the end of its term.

Note: OV and EV certificates cannot be renewed automatically. Shortly before your certificate expires, you will receive a notification, which reminds you to order a new certificate.

Step: Contact data

Contact person

Enter information about a contact person. This person must be authorised to complete the validation process, e.g. CIO or CEO.

Company contact

Enter information about your company. The company data must match the information in the commercial register.

Step: Confirmation

Read a summary of the service options that you chose. By completing the assistant, you confirm that you want to book these paid services.

Step: Summary

This step is purely informative.

3.1.1. OV and EV certificates: Validation process after ordering

OV and EV certificates entail a more comprehensive verification process. Once you’ve placed the order, you’ll receive a confirmation email (SSL Subscriber Agreement) from Sectigo. Follow the instructions in the email to complete the validation process.

Generally speaking, there are two ways to proceed:

  • Follow the link in the email. You will be forwarded to the Sectigo website. There, enter the "verification code" that you received in the email. Follow the rest of the steps on the screen. During the validation process, you will receive a phone call from Sectigo.

  • Download the documents listed in the email (Certificate Request Form & SSL Subscriber Agreement). Print the documents, sign them and send them back to Sectigo. During the validation process, you will receive a phone call from Sectigo.

It can take some time to complete all of the steps. Leave yourself enough time to sign the forms, send them back to Sectigo, receive a phone call from Sectigo and complete the validation process.

Are you authorised to complete the process?

The validation process must be completed by an authorised person, e.g. CIO or CEO. During the process, legally binding documents need to be signed by someone with signatory rights.

4. Renewing an SSL certificate

You will be notified shortly before your SSL certificate expires. The notification includes further information and instructions. But you can always see for yourself when your SSL certificate expires and if your certificate will be renewed automatically.

assistant summary

Checking the expiration date:

  1. Go to Setup » Assistants » Basic setup.

  2. Click on the SSL management assistant.
    → Your previously configured SSL certificates are listed here.

  3. Click on an existing SSL certificate to open its settings.

  4. Navigate to the step Summary.

  5. Expand the field Certificate ().

  6. The line Active until shows you when the certificate expires.

  7. The line Automatically renew certificate includes the information Yes or No.

  8. Re-order the certificate if needed.

5. FAQ

Which domain should I order the SSL certificate for?

You order the SSL certificate for your main domain, i.e. the domain that is listed as the primary domain in the menu Setup » Assistants » Basic setup » Domain assistant. If you want to set up an SSL certificate for a different domain, you will have to set this domain as your main domain first.

You can continue to have a domain hosted externally and save the DNS settings with this external provider. However, the SSL certificate needs to be saved close to the system. This means that even if the domain is hosted externally, the actual encoding is done directly in the system after the domain forwarding via IP address is carried out. As such, it is not possible to use an external SSL certificate. The SSL certificate needs to be ordered from plentymarkets.

You cannot order SSL certificates for cancelled domains, start-up domains and test domains, i.e. domains with names that contain plenty-testdrive.eu, plentymarkets-x1.com etc.

What will happen if I change the primary domain?

SSL certificates are linked to a domain. This means, for example, that if the main domain is changed, then the current certificate will be deactivated, because there is a new main domain without a certificate. Deactivated doesn’t mean deleted. If you switch the main domain back to whichever domain already had an SSL certificate, then it can be re-activated, assuming that the SSL certificate hasn’t expired.

Can I take the SSL certificate with me if I move my domain?

You cannot take an SSL certificate with you when moving your domain to plentymarkets. Due to technical limitations, it’s only possible to order within our public key infrastructure . This applies to both directions. It’s true when moving from external to plentymarkets or from plentymarkets to external. An SSL certificate that you booked with plentymarkets needs to be saved close to the system. Therefore, you cannot take it with you when moving your domain. It is not possible to export the certificate data (secret private key). It is also not possible to “transfer” an SSL certificate from one domain (ID) to another.

Do I need a hostmaster mailbox?

No, you do not need a hostmaster@yourDomain.tld mailbox to purchase an SSL certificate.

Can wildcard SSL certificates be issued?

No, so-called wildcard SSL certificates cannot be issued in our infrastructure.

How long does it take for my SSL certificate to be issued?

If your SSL certificate was successfully ordered, then you’ll see a success message. DV certificates are activated within approximately 2-3 minutes.

My SSL certificate wasn’t issued or I got an error message in the assistant. What should I do?

If your DV certificate wasn’t issued within approximately 2-3 minutes, then:

  • open the notification centre () in the plentymarkets back end. In some situations, you’ll receive a message that tells you the source of the problem. For example, that you forgot to enter a telephone number.

  • If you cannot solve the problem yourself or if you get an error message in the assistant, then contact the plenty-Core team in the forum .

To top