From August 19th 2020, SECTIGO issues SSL certificates with a maximum lifetime of 398 days (13 months) as specified by CA/Browser consortium. SSL certificates with a longer lifetime must be re-issued annually (free of charge). You'll receive reminders via e-mail. SSL certificates issued before August 19th 2020 remain valid until their planned expiry date. Code Signing & S/MIME certificates are not affected and remain valid until their planned expiry date.

How do i create /.well-known/pki-validation/... ?

For File Based Authentication, please create a folder structure "/.well-known/pki-validation/" under the root directory. Som (S)FTP programs won't be displaying folders beginning with a dot by default, it might be necessary to enable the "show hidden files" setting.

Under Windows/IIS you cannot create folder names including the dot in the name, instead you have to create a virtual directory, see also:

In Mac OS (OSX) Server the .well-known functionality needs to be enabled inside Apache configuration. For details see

Then create the file using following details or download the Authentication file by clicking the "Download Auth File" button and place it in the "/.well-known/pki-validation/" of the HTTP server, like so:<filename> for and<filename> for SSLs including a subdomain eg.

It may take some time for file to be automatically validated and cert to be issued by Certificate Authority

Was this answer helpful?

 Print this Article

Also Read

Tomcat CSR generation and CRT import (Java Keystore .JKS), Matrify, GlassFish, Wildfly ...

keytool -genkey -alias server -keyalg RSA -keysize 2048 -keystore keytool...

Where can i get a Wildcard EV (Extended Validation) SSL certificate?

Unfortunately EV certificates cannot be Wildcard due to CA/B Forum policies, so the only option...

Can you issue SSL certificates for .krd / (Kurdistan - Iraq) domains?

YES, the TLD has been added by GeoTrust / RapidSSL on our request for one of our customers. ;-)

Can i obtain a SSL certificate for a server with dynamic IP / DNS / DynDNS address? What about,, subdomains?

Yes, it is possible to obtain a SSL certificate for dynamic IP based servers. For mail...

PositiveSSL Multi-Domain - How to change approval email address per domain (multidomain)

For example, if "admin@" is selected as approver having main domain specified as "" and...