"Only supports purchasing Business Certificate for domain names."
Q: Why does the purchased Business Certificate show a validity period of only 1 year after deployment, even though it was supposed to be a 3-year certificate?
A: Currently, the Business Certificate issued by aaPanel are issued on a yearly basis. When the certificate is close to expiration, an additional month is reserved for renewing the certificate. The actual validity period of the certificate is 3 years.
Q: Why is the issuance of Business Certificate so slow?
A: All certificates require a certificate authority (CA) to review and issue the certificate. After you have provided the domain name, company name, address, email, and other information, this information is submitted to the CA. The CA will then review and issue the certificate based on the validation method you have chosen (DNS validation or HTTP/HTTPS file validation). Generally, the certificate can be issued within 48 hours, with a normal issuance time of 10 minutes, provided that the chosen validation method is not hindered during the CA's review period.
Q: How can I smoothly complete the CA's review and issuance process for the certificate?
A: Please read the following instructions carefully!
- Ensure that the domain name for which you purchased the Business Certificate or the A records for "@" and "www" are correctly resolving to your server and that the domain is accessible.
- We recommend choosing DNS validation as the validation method. The CA will provide you with a CNAME record for resolution, which has the highest pass rate.
- If you choose HTTP/HTTPS file validation, follow the instructions to create the corresponding directory and file in your website directory and fill in the provided content. Then, access the provided link to confirm if it is accessible.
- If you have chosen file validation, the access is confirmed, but the certificate issuance is still delayed for a long time, the reason may be due to 301/302/307 redirects, reverse proxies, forced HTTPS, CDN, or other settings on your website. The CA needs to access your server, so these settings need to be disabled.
If it is inconvenient to disable these settings, go back to step 2. DNS validation is the best method. We recommend switching to DNS validation.
- There is a special case where you need to contact customer service to reset your order before the certificate can be issued. If you have previously set up a CAA record, you need to log in to the domain name resolution control panel, delete this record, and then resubmit the order to the CA for certificate issuance.
- If you have checked all possible reasons for certificate issuance failure and still cannot resolve the issue, you can contact our customer service to inquire about the status of your order. If you want us to directly deploy the certificate for you, you can discuss the details of our manual service with the customer service representative.
Purchase Process and Verification
proceed to purchase according to your needs.
After a successful purchase, return to the SSL interface to fill in the information.
Check domain CAA records
Check for the existence of CAA records, and if they exist, please remove the relevant records. Otherwise, it may affect the CA's verification process.
How to check if CAA records exist: Visit this website, enter the domain name, select CAA to check
https://dnschecker.org/all-dns-records-of-domain.php
Choose the verification method based on your specific situation.
Select the domain you wish to purchase or enter the domain name and choose the validation method. Here, select DNS Authentication (CNAME resolution).
After confirming the information is correct, click on "Continue to submit".
A prompt will appear requesting you to add DNS verification information.
How to add a CNAME record
Login to your domain name's DNS control panel and add a CNAME record. Copy and paste the information displayed to complete the addition.
To verify if the CNAME record is effective
https://www.whatsmydns.net
For the record value, select CNAME and enter the verification information for this validation. Make sure to add ".yourdomain.com" at the end of the record. For example, .kern123.top
Failure to include this final part may result in verification failure.
Reference tutorial case study:
_1e4868dc7746e090ec448df5000104d8.kern123.top
64dcedcf82fea98dbcad0cbde255e23d.51b993735228273869b411a5c11cf80b.comodoca.com
The search results should match the added record.
Note: As long as most regions display a green checkmark, it indicates that the CNAME resolution is functioning correctly. You can proceed to wait for the certificate to be issued. However, if all regions show a red X, please check if the CNAME is correctly resolved and ensure there are no typographical errors. Sometimes, certain domain registrars may take a little longer to propagate changes. Wait a few more minutes and try again.
Results of Successful Validation
After a waiting period, once the application is successfully approved, you can proceed with the deployment.
HTTP and HTTPS file verification methods:
Selecting the HTTP and HTTPS file verification method:
Please ensure that the domain name for which you are purchasing the Business Certificate has its A records for "@" and "www" correctly resolving to your server, and that you can access the domain.
- Make sure that the ".well-known/pki-validation/" directory exists in your website's root directory.
- Place the verification.txt file in the ".well-known/pki-validation/" directory.
- After completing the above steps, access the provided link to confirm if the file is accessible.
If you have selected file verification and the website is accessible, but you still haven't received the certificate after a long time, what should you do?
The reason for the delay could be due to certain configurations on your website, such as 301/302/307 redirects, reverse proxies, enforced HTTPS, CDN, etc. These configurations can prevent the certificate authority (CA) from accessing your server for verification. In such cases, it is recommended to remove or disable these settings temporarily to allow the CA to complete the verification process.
If removing or disabling these settings is inconvenient or not possible, an alternative suggestion is to switch to DNS verification. DNS verification is considered the best method as it does not require direct server access. You would need to follow the instructions provided by your CA to set up the DNS validation records correctly.
Remember, the CA must be able to access your website to verify the file. Otherwise, the validation will fail.
Explanation of validation failure status codes:
fail[-1]: Domain not resolved
fail[-2]: Verification file does not exist
fail[-3]: Request timeout, unable to access verification file
fail[-4]: Website has enabled 301/302/forced HTTPS, preventing file verification
fail[-5]: Access to verification file is denied
fail[0]: Unknown reason for failure
After a waiting period, once the application is successfully approved, you can proceed with the deployment.
Regarding certificate validation time:
DV (Domain Validation) certificates can be issued within 1-15 minutes. The verification process for DV certificates is automated and typically involves confirming domain ownership through email or DNS validation.
OV (Organization Validation) certificates require manual verification, and the issuance time is usually 1-3 business days. OV certificates involve additional verification steps where the certificate authority manually verifies the organization's details, such as its legal existence and physical address.
EV (Extended Validation) certificates undergo manual verification and telephone validation. The estimated processing time for EV certificates is 3-7 business days. EV certificates involve a rigorous validation process, including verifying the legal and physical existence of the organization, conducting background checks, and confirming the organization's operational details through a telephone call.
It's important to note that these timeframes are general estimates, and the actual validation time may vary depending on the certificate authority and the accuracy and completeness of the information provided during the application process.