In WHMCS 8.5, you can sell multi-year SSL Certificates once again.

As you may be aware, back at the end of 2020, the CA Browser Forum (or CAB Forum for short), announced that they would be restricting certificate lengths to 397 days (13 months). This was in an effort to increase security, both by requiring the information used to validate identities for certificates be checked more frequently, and by giving shorter lifespans to individual certificates which allows changes and updates to take effect more quickly.

Following that change, the option to buy certificates for 2 and 3 years went away. However, with WHMCS 8.5 they are making a return.

Read on to learn all about how it works, and why you need to be offering Multi-Year SSL.

SSL is no longer optional. Every website needs SSL protection, and therefore every web-host should be providing solutions for it. And with web hosting services commonly being purchased in 2 and 3 year terms to get the lowest pricing, it makes sense for SSL services to be sold with matching terms for optimal convenience for the customer when it comes to invoicing and renewals.

For you as a web hosting provider, it also makes sense to get customers bought into and committed to your ecosystem of products for longer terms, and you also benefit from better pricing for the increased terms, ranging from 10 to 25% discount.

It's also a good thing for customers, because they get reduced renewals, the ability to lock in the current pricing for their SSL certificates, and, if you choose to pass some of your savings on, customers save a bit of money also.

The restriction on certificate lifetimes of 1 year + 1 month remains in place. So how does WHMCS offer a multi-year SSL product? It does this by creating an order which is valid for the chosen term, and then issueing multiple certificates throughout the lifetime of that single order.

This is where an automation platform like WHMCS is crucial, because with WHMCS, the "reissuing" of certificates when one expires can be fully automated creating an entirely transparent process of continuous and uninterrupted SSL protection.


For multi-year SSL orders, 1 month prior to the expiry of the current certificate, WHMCS will initiate a reissue request automatically, generating a new CSR and submitting that to Digicert. File or DNS based domain control validation will be used whenever possible, requiring no intervention from the end user, and enabling the certificate to be validated and issued automatically. Upon issuance, WHMCS will fetch the certificate automatically and install it to the hosting control panel, thereby extending the coverage.

It wouldn't be a blog post about SSL Certificates without mentioning the Free vs Paid debate. While free certificates are now widely available, for online businesses, where customers are transacting, and where the business needs the trust of its users, paid certificates which validate the authenticity of the business are still vital, and only OV and EV level certificates from trusted providers such as GeoTrust and Digicert offer this level of authentication.

You will need to be running WHMCS 8.5 or later to be able to offer 2 and 3 Year SSL Certificates. WHMCS 8.5 is currently in Release Candidate status and will be moving to General Availability soon.

Upon upgrade from an earlier version, if you are already selling SSL via MarketConnect, the 2 and 3 year terms will be activated for you automatically. Pricing will be set automatically using the multipliers of 1.9 for 2-Years, and 2.8 (or 2.75 for DigiCert-branded certificates) for 3-Years.

If you are not yet selling SSL, simply navigate to Configuration () > System Settings > MarketConnect and click the Activate button under the DigiCert offering to get started. Follow the steps on screen and you'll be up and running and selling SSL in no time.

For more information about SSL Automation in WHMCS, click here. For more information about Multi-Year SSL Certificates, documentation has been available on here.

If you have any comments or questions, we invite you to ask them in the comments below.

Thanks for reading!