All systems operational Your IP: 216.73.216.63 info@cloudhosting.lv +371 66 66 29 69 Client area
ACME subscription · RFC 8555

ACME SSL: certificates that renew themselves

An ACME v2 subscription from Sectigo: your servers request, install and renew trusted SSL certificates automatically. One annual fee per domain, up to 255 SANs, wildcards included via DNS-01.

  • Auto-renewal, no expiry surprises
  • certbot, acme.sh and Caddy
  • Wildcards via DNS-01
ACME subscription
Pricing

One subscription per domain

Flat annual pricing per domain: automation does the rest.

Pick a billing period

Most popular

Sectigo ACME Subscription

Domain Validation ID-300 INCLUDED SAN: 1
€17.63/year
  • RFC 8555 ACME v2 protocol
  • Automated renewal via your ACME client
  • Annual subscription, per domain
  • Wildcards on DNS-01 validation
  • certbot, acme.sh, Caddy compatible
+ SAN SINGLE €17.95/year
+ SAN WILDCARD €95.78/year

Prices without VAT; Latvian VAT is 21% where it applies. Prices follow the certificate authorities daily.

Certificates get shorter in 2026

From 24 February 2026 the industry cuts the maximum life of a public SSL certificate from 397 to 199 days, under the CA/Browser Forum rules. It is a security win: short-lived certificates are much harder to abuse if a key ever leaks. Your multi-year price here does not change. We simply reissue the certificate for you at each interval, so you stay covered without lifting a finger.

Point your ACME client at Sectigo

After ordering you receive the directory URL and EAB credentials (kid and HMAC key) by email. One command connects certbot:

certbot certonly \
  --server https://acme.sectigo.com/v2/OV \
  --eab-kid <your-kid> --eab-hmac-key <your-hmac> \
  -d example.com -d www.example.com

acme.sh, Caddy, Traefik and any RFC 8555 client work the same way: set the server URL and the EAB pair once, then renewals run on schedule.

Why ACME instead of manual certificates

Renews on schedule

The client renews well before expiry. No calendar reminders, no expired-certificate outages.

Scales to 255 SANs

One subscription covers the domain, extra hostnames and wildcard entries as you grow.

EAB-secured account

External Account Binding ties issuance to your account, so only your servers can request certificates.

OV-chain trust

Certificates chain to Sectigo roots trusted by every mainstream browser and OS.

How it works

  1. 1

    Order the subscription

    One domain per subscription. The directory URL and EAB kid/HMAC arrive by email.

  2. 2

    Configure the client

    Point certbot, acme.sh or Caddy at the Sectigo server with your EAB pair. Wildcards validate via DNS-01.

  3. 3

    Forget about it

    Issuance and renewal run automatically. Add SANs to the subscription whenever the setup grows.

ACME questions

Which ACME clients are supported?

Any RFC 8555 (ACME v2) client with External Account Binding support: certbot, acme.sh, Caddy, Traefik, cert-manager and win-acme all work.

How do wildcard certificates work over ACME?

Wildcards require the DNS-01 challenge: your client publishes a TXT record to prove domain control. Most clients automate this with DNS provider plugins.

What is EAB and why do I need it?

External Account Binding links your ACME account to your paid subscription using a key ID and HMAC key we email you after the order. It stops third parties from issuing on your subscription.

How is this different from free Let's Encrypt?

The workflow is the same protocol, so this is a drop-in Let's Encrypt alternative. The Sectigo subscription adds a longer 1-year certificate lifetime, up to 255 SANs per certificate, OV-chain options and support from us when automation misbehaves.

Can I cover several domains?

The subscription is per domain. Extra hostnames within the domain are SANs; for a second domain, order a second subscription.

How much does an ACME SSL subscription cost?

It costs 17.63 EUR a year per domain, one flat annual fee. The base subscription includes 1 SAN, and you can grow the same certificate up to 255 SANs with hostname or wildcard add-ons. Issuance and renewal run automatically at no extra per-issuance cost.

Do I have to install and renew SSL certificates manually?

No. Your ACME client (certbot, acme.sh or Caddy) requests, installs and renews certificates on schedule. You configure the Sectigo directory URL and EAB credentials once; after that renewals need no human action.

What happens if automatic renewal fails?

ACME clients retry and renew well before the expiry date, so there is time to react. Certificates issued on the subscription are valid for 1 year, which leaves a wide buffer. If automation misbehaves, our support team helps you debug the setup.

Ready to start?

Deploy in minutes or talk to an engineer about what fits your project.