Frequently asked questions about Gandi SSL certificates

For starters, let's describe our offer:

  • Certificate included with your domain

When you register a domain name at Gandi, we provide you with the possibility of creating an SSL certificate for it that is included for free for the first year.

You totally own this certificate and the private key that goes with it. You are therefore able to install the certificate wherever you want (notably in the event that your server is not hosted by Gandi). However, note that after a year, the certificate expires, and so you will need to purchase a new one if you want to continue to secure the address. This new one will not be free at Gandi.

  • Free certificate with your Simple Hosting instance

When you subscribe to our Simple Hosting offer at Gandi, you benefit from free SSL certificates starting from S+ size instance (the “S” offer does not support SSL), for each vhost (site) that is installed on our hosting platform.

Each certificate will be automatically created by our system, will be a “standard” certificate, and will be automatically renewed each year. However, you do not have access to the private key and this certificate will only work on our Simple Hosting platform. If the domain should one day no longer belong to you, if the entry is deleted, and/or if the hosting is moved elsewhere, the certificate will be automatically revoked.

If you register your domain name with Gandi AND you host its website on our simple Hosting platform, we strongly advise you to use the automatic certificate with Simple Hosting, which has the advantage of being renewed each year automatically.

The method used to validate the ownership of a domain via DNS records has recently been modified to provide a more secure entry (SHA2).

If it does not work after waiting about 2 hours, then please check that your CNAME record name starts with an underscore “_”.