Once a Multi-Domain SSL certificate was purchased, the process of its activation should be completed. In order to activate a newly purchased multi-domain certificate, you will need to have a CSR (Certificate Signing Request) code generated on your server. You can either do it yourself (all necessary guides can be found here)or ask your hosting provider to do it for you. The CSR code for a multi-domain SSL certificate can be generated for the primary domain (used as the "Common Name") only, as all additional domains (SANs) can be specified right in your Namecheap account during the certificate activation. You can also generate a CSR code along with SANs on your server.
Once you have a CSR code, log into your Namecheap account to start the activation process.
The common name of the certificate (Primary Domain) will be filled in automatically. You will also have an opportunity to specify SANs (Subject Alternative Names - additional domains you would like to secure) by clicking Buy more domain seats button or on Product List prior to initiating activation:
If you generated the CSR along with SANs, they will be fetched automatically just as the primary domain.
If you click on this button, the following page will appear:
Here you can add SANs and proceed to checkout.
Please keep in mind that it is necessary to pay extra for every SAN (add-on domain) you would like to add to your multi-domain certificate.
There will be the following choices: CNAME-based, file-based and email-based.
Note: If you have activated the certificate with domain.com or www.domain.com indicated as FQDN (Fully Qualified Domain Name) in your CSR code, please make sure that the file is available via http://domain.com/.well-known/pki-validation/file.txt. In this case, www.domain.com is considered to be under your control as well.
Content of the file shouldn't be changed in any way, as Comodo (now Sectigo) validation system is case sensitive.
You can find more information about DCV methods here.
It is possible to either use different method for each domain name (subdomain), or check the corresponding option to use the same method for all of them.
Note: In order to have a multi-domain certificate validated and issued, it is necessary to complete the validation process for every SAN separately (receive the approval emails, upload the activation file to the root directory of every website, create the CNAME record for every domain name and/or subdomain included to the certificate).
Another thing is that www and non-www versions of one website are considered as two different hostnames, so if you would like to secure both www and non-www versions of one website, it will be necessary to specify both of them in the list of SANs.
Once the DCV methods are chosen for all domain names, you can move forward by clicking Next.
Note: Administrative contact email cannot be changed after the activation is done, however, issued SSL can always be downloaded from the Namecheap account.
In case organization or extended validation certificate is activated, you will be asked to submit company contact information:
Note: The Representative section is listed only for OV certificates. For EV orders, the aforementioned section is not required.
You will be taken to the page where you can check the details regarding your certificate (Validity period, Validation level, Certificate Authority ID, Namecheap Order ID and number of the domains to be secured with the certificate in question):
From here you can change the validation method by following the "from this page Edit methods" link and clicking the Edit methods button on the next page:
You can resend the approval email/download the activation file/get the corresponding values for the CNAME record by clicking on the small arrow next to Edit Methods option:
It usually takes 10-15 minutes to deliver the approval email. You will need to enter the validation code into the corresponding field (the code can be found in the same email).
Here is an example of the approval email sent by Comodo (now Sectigo) for email-based validation:
File- and CNAME-based validation may take longer, as these processes are fully automated and checks are performed on the side of the Certificate Authority over a certain period of time.
If validation fails, make sure that the file is uploaded/CNAME is set up correctly and accessible all over the world.
Once the email is received/file or record is accessible, and the DCV process is completed, your DV (Domain Validation) SSL certificate will be emailed to the administrative contact email address mentioned during the activation.
As for Organization Validation (OV) and Extended Validation (EV) SSL certificates, DCV should be completed prior to the documents submission. The list of the documents required for further validation depending on the type of the certificate will be emailed to you as well.
You can also find the requirements of Comodo CA (now Sectigo CA) for OV and EV certificates validation here.