All systems operational Your IP: 216.73.216.243 info@cloudhosting.lv +371 66 66 29 69 Client area
SSL automation · RFC 8555

SSL automation: certificates that renew themselves

An ACME v2 subscription from Sectigo: your servers request, install and renew trusted SSL certificates automatically. One annual fee per domain, up to 255 SANs, wildcards included via DNS-01.

  • Auto-renewal, no expiry surprises
  • certbot, acme.sh and Caddy
  • Wildcards via DNS-01
SSL automation
Pricing

One subscription per domain

Flat annual pricing per domain: automation does the rest.

Pick a billing period

Most popular

Sectigo ACME Subscription

Domain Validation ID-300 INCLUDED SAN: 1
€17.63/year
  • RFC 8555 ACME v2 protocol
  • Automated renewal via your ACME client
  • Annual subscription, per domain
  • Wildcards on DNS-01 validation
  • certbot, acme.sh, Caddy compatible
+ SAN SINGLE €17.99/year
+ SAN WILDCARD €95.99/year

Prices without VAT; Latvian VAT is 21% where it applies. Prices follow the certificate authorities daily.

Certificates get shorter in 2026

From 24 February 2026 a public SSL certificate is issued for up to 199 days, so the file is shorter lived than before. It is a security win: short-lived certificates are much harder to abuse if a key ever leaks. Your multi-year price here does not change and there is no extra cost. At each interval you reissue the certificate yourself in the client panel, which shows how many days are left.

Point your ACME client at Sectigo

After ordering you receive the directory URL and EAB credentials (kid and HMAC key) by email. One command connects certbot:

certbot certonly \
  --server https://acme.sectigo.com/v2/OV \
  --eab-kid <your-kid> --eab-hmac-key <your-hmac> \
  -d example.com -d www.example.com

acme.sh, Caddy, Traefik and any RFC 8555 client work the same way: set the server URL and the EAB pair once, then renewals run on schedule.

Why ACME instead of manual certificates

Renews on schedule

The client renews well before expiry. No calendar reminders, no expired-certificate outages.

Scales to 255 SANs

One subscription covers the domain, extra hostnames and wildcard entries as you grow.

EAB-secured account

External Account Binding ties issuance to your account, so only your servers can request certificates.

OV-chain trust

Certificates chain to Sectigo roots trusted by every mainstream browser and OS.

How it works

  1. 1

    Order the subscription

    One domain per subscription. The directory URL and EAB kid/HMAC arrive by email.

  2. 2

    Configure the client

    Point certbot, acme.sh or Caddy at the Sectigo server with your EAB pair. Wildcards validate via DNS-01.

  3. 3

    Forget about it

    Issuance and renewal run automatically. Add SANs to the subscription whenever the setup grows.

Industry change

SSL certificate lifetimes are shrinking

New CA/Browser Forum rules cut the maximum validity of a public SSL certificate step by step, down to just 47 days by 2029.

  1. Before 2025 398 days Certificate validity
  2. March 2026 200 days Certificate validity
  3. March 2027 100 days Certificate validity
  4. March 2029 47 days Certificate validity

A 47-day certificate means 8 or more renewals every year, so automation becomes the only practical way to stay secure. On our multi-year plans the price never changes. Today you reissue the certificate yourself in the client panel at each interval; if you want it hands-off, our ACME certificate renews automatically.

ACME questions

Which ACME clients are supported?

Any RFC 8555 (ACME v2) client with External Account Binding support: certbot, acme.sh, Caddy, Traefik, cert-manager and win-acme all work.

How do wildcard certificates work over ACME?

Wildcards require the DNS-01 challenge: your client publishes a TXT record to prove domain control. Most clients automate this with DNS provider plugins.

What is EAB and why do I need it?

External Account Binding links your ACME account to your paid subscription using a key ID and HMAC key we email you after the order. It stops third parties from issuing on your subscription.

How is this different from free Let's Encrypt?

The workflow is the same protocol, so this is a drop-in Let's Encrypt alternative. The Sectigo subscription adds a longer 1-year certificate lifetime, up to 255 SANs per certificate, OV-chain options and support from us when automation misbehaves.

Can I cover several domains?

The subscription is per domain. Extra hostnames within the domain are SANs; for a second domain, order a second subscription.

How much does an ACME SSL subscription cost?

It costs 17.63 EUR a year per domain, one flat annual fee. The base subscription includes 1 SAN, and you can grow the same certificate up to 255 SANs with hostname or wildcard add-ons. Issuance and renewal run automatically at no extra per-issuance cost.

Do I have to install and renew SSL certificates manually?

No. Your ACME client (certbot, acme.sh or Caddy) requests, installs and renews certificates on schedule. You configure the Sectigo directory URL and EAB credentials once; after that renewals need no human action.

What happens if automatic renewal fails?

ACME clients retry and renew well before the expiry date, so there is time to react. Certificates issued on the subscription are valid for 1 year, which leaves a wide buffer. If automation misbehaves, our support team helps you debug the setup.

Ready to start?

Deploy in minutes or talk to an engineer about what fits your project.