Sectigo® CaaS DV Single Site Information

Secure your website with Sectigo® CaaS DV, an SSL Certificate backed by one of the world's largest commercial Certificate Authorities (CA) and delivered through the Certificate as a Service (CaaS) platform. This Domain Validation (DV) SSL Certificate combines the global trust of Sectigo with automated API-based management for programmatic deployment.

Ideal for DevOps teams requiring automated SSL Certificate provisioning from a globally recognized Certificate Authority (CA), businesses needing programmatic SSL Certificate control with enterprise-grade trust, and organizations integrating SSL Certificates into CI/CD pipelines, Sectigo® CaaS DV delivers single domain protection with API-driven deployment.

When you order a Sectigo® CaaS DV SSL Certificate, simply provide your domain without the www prefix. Trustico® automatically adds the www version as an additional domain free of charge. For example, ordering yourdomain.com results in coverage for both yourdomain.com and www.yourdomain.com, so your ACME client can request SSL Certificates for both versions.

For domain types that would not normally include a www prefix, such as mail.yourdomain.com or ftp.yourdomain.com, the www version is not added automatically. You can request it to be added manually if needed. If you order www.yourdomain.com directly, that is the only domain that will be issued with no additional domain included.

Secures Domain + www Free of Charge	Instant Domain Control Validation 🔗
USD $500,000 Relying Party Warranty 🔗	2048-bit Industry Standard SSL Certificate
API-Based Management	Delivered Via E-Mail
Includes Sectigo® Trust Seal 🔗	Unlimited Server Licenses
Optional Installation Service 🔗	Unlimited Reissuance Policy 🔗
99.9% Web Browser Ubiquity 🔗	Extend License Without Reinstallation

Build customer trust with automated SSL Certificate security from Sectigo® delivered through the Trustico® CaaS platform. This SSL Certificate combines the established reputation of one of the industry's leading Certificate Authorities (CA) with seamless API management for modern infrastructure.

Sectigo : A Globally Trusted Certificate Authority

Sectigo is one of the largest and longest-established commercial Certificate Authorities (CA) in the industry, with root Certificates embedded in virtually every browser, operating system, and device worldwide. This deep trust chain means that SSL Certificates issued by Sectigo are recognized immediately by Chrome, Firefox, Safari, Edge, and all major mobile platforms without any additional configuration or manual trust store updates.

By choosing Sectigo® CaaS DV, you benefit from this established trust while gaining the convenience of automated Certificate as a Service (CaaS) delivery through the Trustico® platform. The combination gives you a globally trusted SSL Certificate with the API-driven management that modern infrastructure demands. Learn About Sectigo Certificate Authority 🔗

Certificate as a Service : API-Driven SSL Certificate Management

The Certificate as a Service (CaaS) delivery model replaces manual SSL Certificate management with programmatic API control. Rather than logging into dashboards, generating Certificate Signing Request (CSR) files by hand, and downloading SSL Certificate files for manual installation, your systems handle the entire process automatically through the Automated Certificate Management Environment (ACME) protocol.

When you purchase a Sectigo® CaaS DV SSL Certificate, you are purchasing an SSL Certificate license for a set period. Throughout your license period, your ACME client automatically reissues SSL Certificates as they approach expiration, extending the expiration date of your installed SSL Certificate based on your available license validity. This means you purchase once and your infrastructure stays protected continuously for the duration of your license.

When your license period approaches its end, you can extend or renew it without any reinstallation or reconfiguration. The extended license validity is recognized automatically, and your ACME client continues to obtain SSL Certificates as usual. There is no need to update credentials, modify server settings, or change any part of your existing setup. Learn About License Extensions 🔗

Sectigo® CaaS DV integrates into your existing DevOps tooling by providing API access to ordering, validation, issuance, and reissuance. Teams working with CI/CD pipelines, infrastructure as code, and container orchestration platforms can treat SSL Certificate provisioning as another automated deployment step rather than a manual operational task. Discover Certificate as a Service 🔗

ACME Protocol Automation

Sectigo® CaaS DV leverages the Automated Certificate Management Environment (ACME) protocol, the same industry standard defined in RFC 8555, to automate the entire SSL Certificate lifecycle. An ACME client on your server communicates directly with the Sectigo Certificate Authority (CA) to handle domain verification, SSL Certificate issuance, and reissuance without human involvement.

The workflow begins with a one-time ACME client setup using External Account Binding (EAB) credentials from your Trustico® account. Once configured, the client handles all subsequent operations automatically. Domain ownership is verified through either an HTTP-01 challenge, where a verification file is placed on your web server, or a DNS-01 challenge, where a temporary Domain Name System (DNS) TXT record is created.

After successful verification, Sectigo issues your SSL Certificate and the client installs it on your server. Reissuances follow the same automated process before each expiration, ensuring continuous protection without downtime. Explore ACME Protocol Details 🔗

Compatible ACME Clients and Platforms

Sectigo® CaaS DV is compatible with all major ACME clients. Certbot remains the most popular choice for Linux servers running Apache or Nginx, offering straightforward setup and automatic reissuance via scheduled tasks. For Windows environments, win-acme and Certify The Web provide native integration with Microsoft Internet Information Services (IIS) and the Windows Certificate store.

Kubernetes teams can deploy cert-manager to manage SSL Certificate issuance and reissuance as a native cluster resource, while acme.sh provides a lightweight and highly scriptable option for shell-based automation. Additional clients including lego, dehydrated, and Posh-ACME cover Go, shell, and PowerShell environments respectively.

All of these clients work with the Sectigo Certificate Authority (CA) through the same External Account Binding (EAB) authentication process provided by the Trustico® platform. Find Out More About Supported ACME Clients 🔗

Getting Started with External Account Binding

External Account Binding (EAB) is the authentication step that links your ACME client to the Sectigo Certificate Authority (CA) through your Trustico® account. You generate a Key Identifier and an HMAC Key from your Trustico® dashboard and provide them during your ACME client's initial registration. This verifies that your ACME client is authorized to request Sectigo SSL Certificates under your account.

The External Account Binding (EAB) credentials only need to be provided once per ACME client installation. After the initial binding, your client can request new SSL Certificates and process reissuances without repeating the authentication step. You can generate multiple sets of credentials for different servers or environments, providing clear separation and tracking across your infrastructure. View Our EAB Credential Setup Guide 🔗

Rapid Domain Validation

Sectigo® CaaS DV is issued through automated Domain Validation (DV) that typically completes within minutes. The ACME client automates domain ownership verification by responding to a challenge from the Sectigo Certificate Authority (CA).

HTTP-01 validation places a temporary file on your web server, while DNS-01 validation creates a temporary Domain Name System (DNS) TXT record. Both methods are handled entirely by the ACME client without manual file uploads, e-mail approvals, or dashboard interactions.

DNS-01 validation is particularly useful for servers behind firewalls, on internal networks, or in environments where port 80 is not publicly accessible. This flexibility ensures that Sectigo® CaaS DV can be deployed across any infrastructure topology. Learn About Domain Validation 🔗

Adapting to Shorter SSL Certificate Validity Periods

Industry regulations are progressively reducing the maximum validity period for SSL Certificates. Starting in March 2026, the maximum drops to 200 days, then to 100 days from March 2027, and down to 47 days from March 2029. These reductions are mandated by the CA/Browser Forum and apply to all publicly trusted Certificate Authorities (CA) including Sectigo.

For teams accustomed to annual SSL Certificate reissuances, this shift represents a significant operational change. Without automation, each reissuance cycle involves generating a new Certificate Signing Request (CSR), completing domain validation, and reinstalling the SSL Certificate on every server. Sectigo® CaaS DV with ACME automation eliminates this burden entirely, handling every reissuance cycle silently and reliably regardless of how short the validity period becomes. Explore Traditional vs CaaS Comparison 🔗

Enterprise-Grade Encryption

Sectigo® CaaS DV implements 2048-bit RSA encryption with 256-bit symmetric encryption to protect data in transit. Support for Transport Layer Security (TLS) 1.2 and Transport Layer Security (TLS) 1.3 protocols ensures compatibility across all modern browsers and platforms. SHA-256 hashing algorithms, Certificate Transparency logging, and support for Elliptic Curve Cryptography (ECC) key types provide a comprehensive encryption foundation. Compare Encryption Standards 🔗

USD $500,000 Relying Party Warranty

Every Sectigo® CaaS DV SSL Certificate includes a USD $500,000 Relying Party Warranty providing financial protection against mis-issuance. Combined with unlimited reissuance rights accessible through API automation, this warranty delivers sustained value throughout your SSL Certificate lifecycle. Review Warranty Protection 🔗

Sectigo® Trust Seal

Your Sectigo® CaaS DV SSL Certificate includes the Sectigo® Trust Seal, a dynamic visual indicator that displays real-time validation status on your website. The Sectigo name on the trust seal provides immediate brand recognition from a Certificate Authority (CA) that visitors and businesses worldwide already trust. Implement Trust Seals 🔗

DevOps and Infrastructure Integration

Sectigo® CaaS DV integrates with modern DevOps workflows by enabling SSL Certificate provisioning as an automated infrastructure step. Teams using Ansible, Terraform, Puppet, or CloudFormation can incorporate Sectigo SSL Certificate management into their deployment playbooks and templates.

The API supports real-time monitoring of SSL Certificate expiration, automated reissuance triggers, and security compliance tracking across your infrastructure. Whether you are managing a single production server or orchestrating deployments across multiple cloud regions, the automation scales with your needs.

99.9% Browser Recognition

Sectigo root Certificates are embedded in virtually every browser and operating system trust store globally. This means your Sectigo® CaaS DV SSL Certificate is recognized by 99.9% of web browsers including Chrome, Firefox, Safari, and Edge, along with mobile devices running iOS and Android. Understand Browser Recognition 🔗

Unlimited Server Licensing

Deploy your Sectigo® CaaS DV SSL Certificate across unlimited servers without licensing restrictions. This unlimited licensing model is essential for cloud-native architectures with load balancing, redundancy, containerized applications, and distributed systems where the same SSL Certificate must be installed across multiple nodes.

Automated Installation

Install your Sectigo SSL Certificate entirely through ACME client automation. The client generates your Certificate Signing Request (CSR), completes domain validation, retrieves the issued SSL Certificate from Sectigo, and configures it on your server. This automated workflow is supported across Apache, Nginx, Microsoft Internet Information Services (IIS), and major cloud platforms. Access Installation Guides 🔗

Guides and Resources

Trustico® provides comprehensive guides and resources to help you get the most from your Sectigo® CaaS DV SSL Certificate. Detailed documentation covers topics including ACME client setup, External Account Binding (EAB) configuration, and domain validation methods. For ACME client-specific instructions, you should also refer to the official documentation provided by your chosen ACME client. Browse Technical Resources 🔗

Ideal Use Cases for Sectigo® CaaS DV

Organizations requiring SSL Certificates from a globally recognized Certificate Authority (CA) for compliance or policy reasons can automate Sectigo SSL Certificate provisioning through the CaaS platform. Automated deployment pipelines that need programmatic SSL Certificate issuance benefit from the combination of Sectigo trust and ACME protocol automation.

Managed service providers provisioning SSL Certificates on behalf of clients can leverage the Sectigo brand recognition alongside API-driven management. Serverless applications deploying custom domains through AWS Lambda, Azure Functions, or Google Cloud Functions benefit from API-driven SSL Certificate management, while e-commerce platforms enabling merchant custom domains can automate Sectigo SSL Certificate acquisition during onboarding.

Automate SSL Certificate Security with Sectigo

Sectigo® CaaS DV delivers the global trust of one of the industry's leading Certificate Authorities (CA) combined with the convenience of fully automated SSL Certificate management. With ACME protocol support, broad client compatibility, and External Account Binding (EAB) authentication through the Trustico® platform, your single-domain Sectigo SSL Certificate is managed programmatically from issuance through every reissuance.

Whether you are automating SSL Certificate provisioning across your infrastructure or integrating Sectigo trust into your CI/CD pipelines, Sectigo® CaaS DV provides the API-driven protection your infrastructure needs. Compare with Standard Options 🔗