Discussions / FAQs

Ask a Question

Problems with web site.

FYI, I placed an order yesterday morning and it hasn't been processed. The invoice shows up in the web portal but the order does not show up under either open or complete orders. When I try to login to the support portal to contact you, I get a 500 server error. Just trying to find a way to reach out and let you know there's a problem since the order processing and support ticket system both seem to not be working right...

Facing a 500 Server Error

Hello, I'm fulfilling the different steps for a new Sectigo OV SSL wildcard certificate. I choosed DNS verification, but when pressing Next after Organization page, I'm facing a 500 server Error. I tried several times and it's always doing the same. I have to start from scratch after some time, without more success...

Why was my order cancelled before it was issued?

There are a few reasons why the order may be cancelled before it was issued. **Not Validated within 90 days** If the order has not been validated within 90 days of placing the order then it will automatically be cancelled. **Approver Rejected** An email approver was sent to approve the certificate issuance. The email recipient has rejected the issuance and so the order has been cancelled. **Cancelled by User** The order was cancelled by the user either via the order management page or the API **How to restart your order or request a refund** Please refer to the following guidance on how to restart yoru order or request a refund [Restart Order / Request Refund](https://docs.servertastic.com/docs/cancel-https-order#restart-order) Orders purchased using points automatically receive a credit for orders cancelled.

Can I get an EV SSL Wildcard Certificate?

Due to strict validation requirements set down by all Certificate Authorities wildcard EV certificates are not available from any provider. You can obtain [EV Multi-Domain SSL certificates](https://www.servertastic.com/ssl-multi-domain).

I need a certificate with CA=True or KeyUsage=CertSign

The above key constraints mean that the certificate is allowed to issue signed certificates. It is not possible to purchase a publicly trusted certificate with these constraints from any Certificate Authority. If such a certificate were issued it would be possible to sign an end-entity certificate for any domain and it automatically be trusted by browsers. This creates a significant security risk as the owner of such a certificate could simply just issue a certificate for google.com or paypal.com and inspect all traffic between the user and the server. The main reason for requiring such a certificate is to install on a firewall type device that performs deep packet inspection. This is essentially performing a Man-in-the-Middle attack on the end user using the firewall by breaking end-to-end encryption for that user. The only option is to create a self-signed certificate with these key constraints and then add it as a trusted certificate on all the end user devices connecting through the firewall either via a group policy or asking the end users to install the certificate.

Sectigo SSL OV - 1 year / 2 year certificates

We usually order Sectigo SSL OV certificates for 1 or 2 years due to the short lived nature of some of our sites and the new guidance for the maximum life of a certificate. But i can no longer find Sectigo SSL OV for 1 or 2 years, have these been removed?

Why is my certificate is only valid for 1 year but I purchased for multiple years?

Due to changes implemented by the CA Browser Forum certificates can only have a maximum validity period of 397 days to be trusted by browsers. You can reissue your certificate multiple times during the life of your certificate plan to obtain the full validity. For more information please see our guide on [Multi-Year HTTPS Certificates](https://docs.servertastic.com/docs/multi-year-https-certificates)


Error can occur when visiting a website even in modern browsers.

Error 111 (net::ERR_TUNNEL_CONNECTION_FAILED): Unknown error

This message is sometimes displayed when accessing an SSL page via a proxy (including our own payment page PayPal). It is caused by Chrome being unable to render the 502/302 proxy response for some sites (Issue 119713). Check your browsers Proxy settings. If possible remove the proxy and try again. To change this setting, go to [chrome://chrome/settings/](chrome://chrome/settings/) Then Click `Show Advanced Settings`. Scroll down to `Network` and click `Change proxy settings…` Uncheck `Automatically Detect`.

Convert Private Key to RSA format

Some hosting systems require the Private key to be in RSA format rather than PEM. You can easily convert these files using OpenSSL. Your private key file will usually start with `-----BEGIN PRIVATE KEY-----` an RSA private key will start with `-----BEGIN RSA PRIVATE KEY-----` To convert your key simply run the following OpenSSL command `openssl rsa -in domain.key -out domain-rsa.key`