SSL certificates
An SSL certificate is used to encrypt your website. It provides a secure connection to your website and your online store. An SSL certificate is required for certain markets and for receiving the Trusted Shops certification. You know you’re using an SSL certificate if your website is accessed via https.
PlentyONE includes an assistant that helps you order and manage manage your SSL certificate. Please note that such tasks are usually completed by a system administrator. This page is quite technical since it serves as a reference for system administrators and helps them complete their administrative tasks in PlentyONE.
1. Which SSL certificates are available?
SSL certificates are issued by independent certification authorities. PlentyONE offers different types of SSL certificates:
Type | Explanation |
---|---|
DV |
|
OV |
|
EV |
|
Breakdown of prices
Comodo InstantSSL OV |
Comodo Positive EV |
AlwaysOnSSL DV |
RapidSSL Standard DV |
|
---|---|---|---|---|
Validity period |
12 months |
12 months |
3 months |
12 months |
Monthly fee |
€2 |
€2 |
€2 |
€2 |
Cost of the SSL certificate |
€118.80 |
€348 |
€0 |
€35.70 |
One-time setup fee |
€29 |
€99 |
€0 |
€0 |
All prices are listed in net.
2. Prerequisites for booking an SSL certificate
2.1. Domain
It’s only possible to order an SSL certificate for a primary domain. In other words, the domain must be listed as a primary domain in the menu Setup » Settings » Hosting » Domains.
Tip: Look at your domains with the table view. This will help you recognise which one is the primary domain.

If you want to set up an SSL certificate for a different domain, you will have to set this domain as your main domain first.
It’s not possible to order an SSL certificate if the corresponding domain is defined as external (i.e. it refers to an external IP address).

2.2. Active autoscaling
A few systems have not been switched to autoscaling (AS). In most cases, this is because the domain is not hosted by PlentyONE. As such, the domain owner must adjust the DNS settings manually. Another cause might be that the domain was added to a client for the first time. These clients are not automatically switched to autoscaling. The PlentyONE support team needs to manually activate autoscaling.
How can I tell if AS is activated?
Look at the DNS settings in the domain assistant to see whether AS is activated for the particular system.
Checking the autoscaling status:
-
Open the domain assistant and navigate to the step Current DNS Settings.
Note: This step only appears if you selected Add a new domain, hosted externally in the step Domain type. -
In the column DNS Record Type, check if a CNAME entry exists for the domain.
→ If a CNAME entry exists, autoscaling is active. An SSL certificate can be ordered.
→ If no CNAME entry exists, but rather two A records, autoscaling is not active. -
If autoscaling is not active, contact the PlentyONE support via the Service Desk and ask them to activate autoscaling. The thread is in German, but the support staff can also speak English.
Example of the DNS settings shown for a system on AS:

2.3. For subdomains: Existing parent domain
If you want to order an SSL certificate for a subdomain, then the parent domain must also exist in the assistant. The relationship between the domain and subdomain must also be entered correctly in the assistant. Check the settings in the assistant.
If the parent domain was deleted from the assistant, then create the parent domain again. If you do not want this parent domain to point to PlentyONE. but rather e.g. to Showare, then save an external A record for the parent domain by creating a system link.
2.4. For external domains: DNS settings
The SSL order is validated on a file level. This means that the domain for which the certificate is to be ordered must be accessible correctly.
-
The DNS settings saved for the external provider must be identical to the DNS settings saved in the assistant.
→ Check the settings in the service area of your domain provider. -
The domain that the SSL certificate is being ordered for must not have an IPv6 entry (AAAA record).
→ Check the settings in the service area of your domain provider. -
Any existing CAA records must allow the certificate to be ordered for the chosen domain.
→ Check the settings in the service area of your domain provider. The necessary CAA record is as follows:
DNS Source | DNS Record Type | DNS Target |
---|---|---|
@ |
CAA |
issue digicert.com |
2.5. Remove 301 redirects for '/'
Open the domain assistant for the particular domain and make sure there is no 301 redirect for the homepage, as shown in the following example:
/;Target-URL;301;L
/*;Target-URL;301;L
^/*;Target-URL;301;L
2.6. No manually created sub-domain for www.
A manually created sub-domain for www.yourDomain.tld
prevents the SSL certificate from being issued, since it would create a duplicate DNS entry for www
.
If you manually created such a sub-domain, you will need to delete it.
2.7. Check list
Ready to order an SSL certificate? Work through this checklist to make sure that you’ve met all of the requirements.
-
Domain has not been cancelled
-
Domain is a primary domain
-
Domain has been switched to AutoScaling (AS)
-
For sub-domains: there is an existing parent domain
-
The DNS settings match the entries in the domain assistant
-
There is no AAAA record for whichever domain the certificate should be ordered
-
There is no negative CAA record
-
There is no 301 redirect for the homepage
-
There is no manually created sub-domain for www.
3. Ordering an SSL certificate
Once you’ve met all of the requirements, you can order an SSL certificate. PlentyONE orders the SSL certificate on your behalf and bills you for the one-off purchase price and the monthly fee.
Only one SSL certificate for the domain
A domain can only have one SSL certificate. Example: If your domain already has an SSL certificate and you order a new one, then the new certificate will overwrite the existing one. |
3.1. Completing the SSL assistant
-
Go to Setup » Settings » Hosting » SSL management.
→ Your SSL configurations are displayed here. -
Click on an SSL configuration to open its settings.
-
Complete each step of the assistant. Note Table 1.
-
OV and EV certificates: Once you’ve placed the order in the assistant, you’ll still need to complete a validation process.

Setting | Explanation |
---|---|
Step: Certificate |
|
Current SSL |
This area is purely informative. Here you can see e.g. which certificate you’re currently using and when it expires. |
Select a certificate |
Choose the desired SSL certificate. |
Automatic renewal |
Activate this option () if you want the SSL certificate to automatically be renewed at the end of its term. Note: OV and EV certificates cannot be renewed automatically. Shortly before your certificate expires, you will receive a notification, which reminds you to order a new certificate. |
Step: Contact data |
|
Contact person |
Enter information about a contact person. This person must be authorised to complete the validation process, e.g. CIO or CEO. |
Company contact |
Enter information about your company. The company data must match the information in the commercial register. |
Step: Confirmation |
|
Read a summary of the service options that you chose. By completing the assistant, you confirm that you want to book these paid services. |
|
Step: Summary |
|
This step is purely informative. |
3.2. OV and EV certificates: Validation process after ordering
OV and EV certificates entail a more comprehensive verification process. Once you’ve placed the order, you’ll receive a confirmation email (SSL Subscriber Agreement) from Sectigo. Follow the instructions in the email to complete the validation process.
Generally speaking, there are two ways to proceed:
-
Follow the link in the email. You will be forwarded to the Sectigo website. There, enter the "verification code" that you received in the email. Follow the rest of the steps on the screen. During the validation process, you will receive a phone call from Sectigo.
-
Download the documents listed in the email (Certificate Request Form & SSL Subscriber Agreement). Print the documents, sign them and send them back to Sectigo. During the validation process, you will receive a phone call from Sectigo.
It can take some time to complete all of the steps. Leave yourself enough time to sign the forms, send them back to Sectigo, receive a phone call from Sectigo and complete the validation process.
Are you authorised to complete the process?
The validation process must be completed by an authorised person, e.g. CIO or CEO. During the process, legally binding documents need to be signed by someone with signatory rights. |
4. Renewing an SSL certificate
You will be notified shortly before your SSL certificate expires. The notification includes further information and instructions. But you can always see for yourself when your SSL certificate expires and if your certificate will be renewed automatically.
-
Go to Setup » Settings » Hosting » SSL management.
→ Your SSL configurations are displayed here. -
Click on an SSL configuration to open its settings.
-
Navigate to the step Summary.
-
Expand the field Certificate ().
-
The line Active until shows you when the certificate expires.
-
The line Automatically renew certificate includes the information Yes or No.
SSL certificates are reordered, rather than extended
Technically speaking, you will not simply extend the validity of your SSL certificate. Rather, you will order a new SSL certificate, shortly before it expires. If your domain already has an SSL certificate and you order a new one, then the new certificate will overwrite the existing one. |

5. FAQ
You order the SSL certificate for your main domain, i.e. the domain that is listed as the primary domain in the menu Setup » Settings » Hosting » Domains. If you want to set up an SSL certificate for a different domain, you will have to set this domain as your main domain first.
You can continue to have a domain hosted externally and save the DNS settings with this external provider. However, the SSL certificate needs to be saved close to the system. This means that even if the domain is hosted externally, the actual encoding is done directly in the system after the domain forwarding via IP address is carried out. As such, it is not possible to use an external SSL certificate. The SSL certificate needs to be ordered from PlentyONE.
You cannot order SSL certificates for cancelled domains, start-up domains and test domains, i.e. domains with names that contain plenty-testdrive.eu, plentymarkets-x1.com etc.
SSL certificates are linked to a domain. This means, for example, that if the main domain is changed, then the current certificate will be deactivated, because there is a new main domain without a certificate. Deactivated doesn’t mean deleted. If you switch the main domain back to whichever domain already had an SSL certificate, then it can be re-activated, assuming that the SSL certificate hasn’t expired.
You cannot take an SSL certificate with you when moving your domain to PlentyONE. Due to technical limitations, it’s only possible to order within our public key infrastructure. This applies to both directions. It’s true when moving from external to PlentyONE or from PlentyONE to external. An SSL certificate that you booked with PlentyONE needs to be saved close to the system. Therefore, you cannot take it with you when moving your domain. It is not possible to export the certificate data (secret private key). It is also not possible to “transfer” an SSL certificate from one domain (ID) to another.
No, you do not need a hostmaster@yourDomain.tld
mailbox to purchase an SSL certificate.
No, so-called wildcard SSL certificates cannot be issued in our infrastructure.
If your SSL certificate was successfully ordered, then you’ll see a success message. DV certificates are activated within approximately 2-3 minutes.
If your DV certificate wasn’t issued within approximately 2-3 minutes, then:
-
open the notification centre () in the PlentyONE back end. In some situations, you’ll receive a message that tells you the source of the problem. For example, that you forgot to enter a telephone number.
-
If you cannot solve the problem yourself or if you get an error message in the assistant, then contact the support team in the service desk.