What is a EuropeanSSL ACME account and how are SSL certificates billed?

Traditionally, SSL certificates from EuropeanSSL were ordered in the Eunetic shop or via the REST API, validated by email, and finally issued in PEM format as an email attachment. With durations of up to 3 years for SSL certificates, this partially manual effort was justifiable and common. With increasing security requirements, the possible durations are becoming increasingly shorter, currently at one year and will be reduced to just 90 days in the foreseeable future. Thus, at least for SSL certificates, there will soon be no way around the most comprehensive possible automation.

For this purpose, the ACME protocol (Automatic Certificate Management Environment) was developed and introduced as a new standard in 2019. Certificates are requested, validated, installed, and automatically renewed via a so-called ACME client (which must be installed on your server). Despite the short certificate validity, only a single order is required, and your domain(s) will automatically receive a valid SSL certificate continuously until revoked. Since 2021, ACME has supported not only multi-domain certificates but also wildcard domains.

EuropeanSSL ACME Account

In order for your ACME client to request certificates, you need an ACME account that provides the corresponding EAB credentials (External Account Binding). Such an account also determines which type of certificate should be issued (DV = domain validated, OV = organization validated) and in which time periods billing occurs (1, 2, or 3 years with discounts for longer durations).

ACME accounts can be set up for free. Costs arise only from the activation of domain names. For your ACME client to request a certificate for www.yourdomain.de, you must order this domain once through the Eunetic shop or the REST API and thereby activate it for the ACME account.

You can create multiple ACME accounts at no extra cost to categorize and manage all your domains or certificates, for example by server or organizational area. If you want to set up an ACME access for your own customers, this is of course also possible.

Invoice for ACME Domains

Unlocked domains can be canceled free of charge within 30 days. If this does not happen, billing will be done in advance for the term specified in the ACME account. After the 30 days, cancellation or cost reimbursement is no longer possible.

Since the ACME account, as the overarching instance, determines the terms of all included domains, the actual costs incurred depend on the time of domain activation:

• With the first unlocked domain, the first term begins (e.g., 3 years). This domain will be billed for the full 3 years.
• If, for example, another domain is ordered 6 months later, it will only be billed for 2.5 years proportionally.
  

You are free to choose whether you want to activate an automatic renewal for another term for your ACME account or not.

• With automatic renewal activated, the full term will be billed again for all domains still in the ACME account. No further costs will be incurred for domains removed from the account in time.
• If no automatic renewal is active, the ACME account will be deactivated, and the ACME client will no longer be able to retrieve certificates for the domains. Manual reactivation is possible within 3 months after expiration, with a full term being billed for all domains in the account.