Certificate Approval Process
To purchase, reissue, or renew a certificate, you must demonstrate that you have control over each hostname in the certificate, using one of the following approval methods.
Email approval, the default, is the simplest way to approve a certificate. When purchasing a certificate, you select from a list of acceptable administrative email addresses, and respond to an email sent to that address. The acceptable administrative addresses are:
Any of the following addresses at the hostname in the certificate or any of its parent domains:
(For example, if the certificate's hostname is
firstname.lastname@example.org be among the acceptable addresses.)
Any of the contact addresses in the domain's public whois record (only for TLDs which publish email addresses in whois).
Resending approval email
If you don't receive an approval email because of a momentary problem with your email address,
you can ask SSLMate to resend the approval email by running
To resend the approval email to a different address, use the
sslmate resend-email HOSTNAME --email=ADDRESS.
ADDRESS must be one of the acceptable addresses listed above or when you run
DNS approval requires you to publish a DNS record in your domain's DNS zone. Though more complicated to set up than email approval, DNS approval can be completely automated, allowing for fully automatic provisioning and renewal of certificates.
For more information, consult the DNS approval page.
When purchasing a multi-hostname certificate, each hostname in the certificate must be approved. If the same approver email address is used for multiple hostnames, only a single email is sent to that address.
When reissuing a multi-hostname certificate, only new hostnames must be approved, as long as the private key hasn't changed. If the private key has changed, then all existing hostnames on the certificate must be re-approved.