Certificate Approval Process

To purchase, reissue, or renew a certificate, you must demonstrate that you have control over each hostname in the certificate, using one of the following approval methods.

Email approval

Email approval, the default, is the simplest way to approve a certificate. When purchasing a certificate, you select from a list of acceptable administrative email addresses, and respond to an email sent to that address. The acceptable administrative addresses are:

  • Any of the following addresses at the hostname in the certificate or any of its parent domains:

    • admin@
    • administrator@
    • hostmaster@
    • postmaster@
    • webmaster@

    (For example, if the certificate's hostname is www.subdomain.example.com, then admin@example.com, admin@subdomain.example.com, and admin@www.subdomain.example.com would be among the acceptable addresses.)

  • Any of the contact addresses in the domain's public whois record (only for TLDs which publish email addresses in whois).
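The address rule above can be turned into an audit list of every mailbox able to approve a certificate for a hostname. The following is an added example, not SSLMate code; it covers only the five fixed addresses (not whois contacts), and it assumes the caller supplies the registrable domain at which the parent-domain walk stops. The function names and the reviewed-mailbox inventory are hypothetical.

```python
# Added example, not SSLMate code. Implements only the rule quoted above:
# five fixed local parts at the hostname and at each of its parent domains.
LOCAL_PARTS = ("admin", "administrator", "hostmaster", "postmaster", "webmaster")


def _norm(name):
    # Compare names case-insensitively and without a trailing root dot.
    return name.strip().rstrip(".").lower()


def approval_domains(hostname, registrable_domain):
    """Hostname plus each parent, stopping at registrable_domain.

    Assumption: the caller supplies the registrable domain (e.g. example.com);
    deriving it needs the Public Suffix List, which is out of scope here.
    """
    host, base = _norm(hostname), _norm(registrable_domain)
    if host != base and not host.endswith("." + base):
        raise ValueError(f"{host} is not within {base}")
    labels = host.split(".")
    depth = len(labels) - len(base.split("."))
    return [".".join(labels[i:]) for i in range(depth + 1)]


def approval_addresses(hostname, registrable_domain):
    """Every fixed administrative address that could receive the approval email."""
    return [f"{lp}@{d}"
            for d in approval_domains(hostname, registrable_domain)
            for lp in LOCAL_PARTS]


def unreviewed(hostname, registrable_domain, reviewed):
    """Candidate approver addresses missing from a reviewed-mailbox inventory."""
    known = {a.strip().lower() for a in reviewed}
    return [a for a in approval_addresses(hostname, registrable_domain)
            if a not in known]


if __name__ == "__main__":
    # Constructed inventory of mailboxes an admin has already checked.
    reviewed = ["admin@example.com", "hostmaster@example.com",
                "postmaster@example.com"]
    for addr in unreviewed("www.subdomain.example.com", "example.com", reviewed):
        print(addr)
```

Any address the script prints is a mailbox that can approve issuance for the hostname but has not yet been confirmed as controlled by the certificate's administrators.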

Resending approval email

If you don't receive an approval email because of a momentary problem with your email address, you can ask SSLMate to resend the approval email by running sslmate resend-email HOSTNAME.

To resend the approval email to a different address, use the --email option as follows: sslmate resend-email HOSTNAME --email=ADDRESS. ADDRESS must be one of the acceptable addresses listed above or listed when you run sslmate buy.

DNS approval

DNS approval requires you to publish a DNS record in your domain's DNS zone. Though more complicated to set up than email approval, DNS approval can be completely automated, allowing for fully automatic provisioning and renewal of certificates.

For more information, consult the DNS approval page.

Multi-hostname certificates

When purchasing a multi-hostname certificate, each hostname in the certificate must be approved. If the same approver email address is used for multiple hostnames, only a single email is sent to that address.

When reissuing a multi-hostname certificate, only new hostnames must be approved, as long as the private key hasn't changed. If the private key has changed, then all existing hostnames on the certificate must be re-approved.

