The fees for SSL certificates vary depending on the certificate type, domain name type, brand, and services that you select. Before you purchase a certificate, you must understand the billing details of the product. This topic describes the billing details for Certificate Service and explains how to manage expired SSL certificates.
Billing method
SSL certificates and their related services use the subscription billing method.
Billable item details
The following table lists all billable services for SSL certificates. You can select the services to purchase based on your needs.
For specific pricing information, see the buy page.
Service type | Billing description |
SSL Certificate Management Service | You can select a service period of 1, 2, or 3 years. The price for a 1-year service period includes only the SSL certificate fee. The prices for 2-year and 3-year service periods include the fees for the SSL certificate and the hosting service. Examples:
|
Certificate hosting service | Certificate hosting is a service that ensures automatic renewal for expiring SSL certificates. When a certificate is about to expire, the service helps you automatically apply for a new certificate to extend its validity. This prevents service disruptions that can occur if you forget to renew your certificate. Certificate hosting also provides an automatic deployment feature. If you enable automatic deployment, new certificates are automatically deployed to the corresponding cloud products after they are issued. Important
|
Cloud product deployment service | The cloud product deployment service fee is for one-click deployment of issued certificates to Alibaba Cloud products that require certificates, such as Anti-DDoS Pro and Anti-DDoS Premium, WAF, and CDN.
|
ECS deployment service | The ECS deployment service fee is for one-click deployment of issued certificates to Alibaba Cloud servers that require certificates, such as Simple Application Server or ECS instances.
|
SSL certificate validity period
Each SSL certificate has a lifecycle. All SSL certificates issued by Certificate Authorities (CAs) are valid for a maximum of 397 days.
Impact of an expired SSL certificate
When an SSL certificate expires, it can affect your website in the following ways:
The website becomes inaccessible.
Browsers display a security warning when users access the website.
The website's search engine ranking is negatively affected.
Communication between visitors and the website cannot be encrypted.
Handling of certificates that are about to expire
To prevent an expired SSL certificate from affecting your website, you must apply for and issue a new certificate before the current one expires. After the new certificate is issued, you must replace the expiring certificate with the new one on all Alibaba Cloud products and web servers where the old certificate is installed.
Certificate type | Actions to perform before expiration |
Official certificate | When the certificate is about to expire (within 30 calendar days before expiration), purchase a new certificate for renewal. Then, reapply for, issue, and install the new certificate.
|
Third-party certificate | Before the certificate expires, go to the third-party platform to purchase a new certificate. Then, use the Upload Certificate feature of Certificate Service to upload and deploy it again. To learn how to upload a certificate, see Upload, sync, and share SSL certificates. |
Data handling for expired SSL certificates
If an SSL certificate has been expired for more than one year, Alibaba Cloud automatically deletes it. Deleted certificates cannot be restored.