Once you have a CSR code, log into your Namecheap account to start the activation process.
- Hover your mouse over the username located in the left corner of the page and select Dashboard:
- Your SSL certificate can be located in the Product list section. Click Activate next to the certificate in question:
- Copy and paste your CSR code including -----BEGIN CERTIFICATE REQUEST----- and -----END CERTIFICATE REQUEST----- tags into the corresponding field:
The common name of the certificate (Primary Domain) will be filled in automatically. You will also have an opportunity to specify SANs (Subject Alternative Names - additional domains you would like to secure) by clicking Buy more domain seats button or on Product List prior to initiating activation:
If you generated the CSR along with SANs, they will be fetched automatically just as the primary domain.
If you click on this button, the following page will appear:
Here you can add SANs and proceed to checkout.
Please keep in mind that it is necessary to pay extra for every SAN (add-on domain) you would like to add to your multi-domain certificate.
If you skip this step and click Next, you will see the page with the information auto-filled from submitted CSR code:
- Click Next to proceed with the activation process.
- Select the DCV (Domain Control Validation) method for each domain name on the next page:
There are three methods available for Domain Control Validation: email-based, DNS-based and HTTP-based one.
Email-based validation involves receiving an approval email at one of the following domain-related generic emails (firstname.lastname@example.org, email@example.com, firstname.lastname@example.org, email@example.com, firstname.lastname@example.org) or Whois email contact address.
DNS-based validation involves creating a CNAME record in the DNS records of the domain.
HTTP-based validation involves uploading of the activation file to the following directory of your site: /.well-known/pki-validation/.
Note: If you have activated the certificate with domain.com or www.domain.com indicated as FQDN (Fully Qualified Domain Name) in your CSR code, please make sure that the file is available via http://domain.com/.well-known/pki-validation/file.txt. In this case, www.domain.com is considered to be under your control as well.
Content of the file shouldn't be changed in any way, as Comodo (now Sectigo) validation system is case sensitive.
You can find more information about DCV methods here.
You can either use different methods for each domain name (subdomain), or use the same method for all of them.
Check the corresponding option if you would like to use one validation method for all SANs:
Note: In order to have a multi-domain certificate validated and issued, it is necessary to complete the validation process for every SAN separately (receive the approval emails, upload the activation file to the root directory of every website, create the CNAME record for every domain name and/or subdomain included to the certificate).
Another thing is that www and non-www versions of one website are considered as two different hostnames, so if you would like to secure both www and non-www versions of one website, it will be necessary to specify both of them in the list of SANs.
Once the DCV methods are chosen for all domain names, you can move forward by clicking Next.
- Enter email address you would like to receive SSL certificate to and proceed further.
Note: Administrative contact email cannot be changed after the activation is done, however, issued SSL can always be downloaded from the Namecheap account.
In case organization or extended validation certificate is activated, you will be asked to submit company contact information:
Note: The Representative section is listed only for OV certificates. For EV orders, the aforementioned section is not required.
- Once all required fields are filled in, click Next to move onward.
- Review information and submit certificate request to Comodo (now Sectigo).
You will be taken to the page where you can check the details regarding your certificate (Validity period, Validation level, Certificate Authority ID, Namecheap Order ID and number of the domains to be secured with the certificate in question):
If you click See details, you will see the page with the details submitted during the activation process including certificate ID, certificate status, primary domain, SANs (add-on domains), server type, hashing algorithm, DCV methods, contact details and CSR code:
Here you can also change the validation method by clicking Edit Methods:
You can resend the approval email/download the activation file/get the corresponding values for the CNAME record by clicking on the small arrow next to Edit Methods option:
It usually takes 10-15 minutes to deliver the approval email. You will need to enter the validation code into the corresponding field (the code can be found in the same email).
Here is an example of the approval email sent by Comodo (now Sectigo) for email-based validation:
HTTP- and DNS-based validation may take longer, as these processes are fully automated and checks are performed on the side of the Certificate Authority over a certain period of time.
If validation fails, make sure that the file is uploaded/CNAME is set up correctly and accessible all over the world.
Once the email is received/file or record is accessible, and the DCV process is completed, your DV (Domain Validation) SSL certificate will be emailed to the administrative contact email address mentioned during the activation.
As for Organization Validation (OV) and Extended Validation (EV) SSL certificates, DCV should be completed prior to the documents submission. The list of the documents required for further validation depending on the type of the certificate will be emailed to you as well.
You can also find the requirements of Comodo CA (now Sectigo CA) for OV and EV certificates validation here.
Should you have any questions, please do not hesitate to contact our SSL Support Team via Live Chat or ticket system.