To secure a custom domain (such as www.whatever.org instead of whatever.wildapricot.org), you need to obtain a custom security certificate (aka SSL certificate) for your domain. That way, all traffic to your site is verified as safe and encrypted.
If you use a custom domain without a security certificate, you cannot set the domain as your primary Wild Apricot domain.
Automatic Let's Encrypt certificates
We will automatically issue a free Let's Encrypt certificate for you when you add your custom domain from the Domain name management screen.
Wild Apricot does not charge an installation fee or a renewal fee for security certificates from Let's Encrypt.
If a CAA record has been set up for your domain, make sure to add letsencrypt.org to it so that Let's Encrypt is allowed to issue a certificate for your domain.
Checking the status of your certificate
On the Domain name management screen, two status icons will appear for each domain name, one for your DNS settings and one for your Let's Encrypt certificate.
The status of security certificates obtained from vendors other than Let's Encrypt is not tracked on this screen.
A green checkmark icon indicates that your DNS settings are correct, or that a Let's Encrypt certificate has been successfully installed for that domain. If any other icon appears, you can click the Check button to view a Domain checking dialog with more details.
The different icons that might appear, and the corresponding status message that is displayed on the Domain checking dialog, are listed below.
Message | Meaning |
---|---|
Certificate installation is in progress | Your certificate is being processed. It can take up to 30 minutes to complete processing. |
Certificate installed | A Let's Encrypt certificate has been successfully installed for this domain. |
No Let's Encrypt certificate | A Let's Encrypt certificate has not been successfully installed for this domain. If this message appears after trying to install a certificate, see Troubleshooting certificate failures (below). |
Unable to auto-renew certificate | The existing Let's Encrypt certificate did not automatically renew. See Automatic certificate renewal (below) for more information. |
Unable to determine certificate status | An unknown error occurred. The certification service may be temporarily unavailable. |
Troubleshooting certificate failures
If an error icon or message appears indicating that your Let's Encrypt certificate has not been successfully installed or renewed, you should review the following list of the most common causes of certificate failures.
- Your custom domain was not set up according to these instructions.
- Your custom domain was previously directed to a different site and there's still an old IPv6 record (AAAA record) within your custom domain settings. In this case, you need to access your domain settings with your domain name provider and remove the IPv6 record (AAAA record).
After correcting issues with your domain, you can reissue the certificate by removing and re-adding your domain on the Domain name management screen, or by clicking the Issue certificate link from the Domain checking dialog.
If you are unable to identify and correct the issue with your domain name, contact Wild Apricot Support.
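The two DNS causes named on this page (a CAA record that does not list letsencrypt.org, and a leftover AAAA record) can be checked before you reissue the certificate. The following is an added example, not Wild Apricot code: it reads answer lines in the format printed by dig +noall +answer, and the domain, addresses and function names are constructed for illustration.

```python
import re

# Constructed sample in `dig +noall +answer` format for a placeholder domain.
SAMPLE = """\
example.org.      3600 IN CAA  0 issue "digicert.com"
example.org.      3600 IN CAA  0 iodef "mailto:admin@example.org"
www.example.org.  3600 IN A    192.0.2.10
www.example.org.  3600 IN AAAA 2001:db8::10
"""

def parse_answers(text):
    """Return (owner, type, rdata) tuples from dig-style answer lines."""
    records = []
    for line in text.splitlines():
        parts = line.split(None, 4)
        if len(parts) == 5 and parts[2] == "IN":
            owner = parts[0].rstrip(".").lower()
            records.append((owner, parts[3].upper(), parts[4].strip()))
    return records

def relevant_caa(records, domain):
    """RFC 8659: climb toward the root; the first name that has CAA records wins."""
    labels = domain.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        name = ".".join(labels[i:])
        rrset = [r for o, t, r in records if o == name and t == "CAA"]
        if rrset:
            return rrset
    return []

def ca_allowed(records, domain, ca="letsencrypt.org"):
    """True if the CAA policy lets `ca` issue a non-wildcard certificate."""
    issuers = []
    for rdata in relevant_caa(records, domain):
        m = re.match(r'(\d+)\s+(\S+)\s+"?(.*?)"?$', rdata)
        if m and m.group(2).lower() == "issue":
            # Drop parameters after ';'. A bare ";" means no CA may issue.
            issuers.append(m.group(3).split(";")[0].strip().lower())
    # With no issue records at all, issuance is unrestricted.
    return not issuers or ca in issuers

def preflight(records, domain):
    """List the DNS problems from this page that apply to `domain`."""
    domain = domain.rstrip(".").lower()
    findings = []
    if not ca_allowed(records, domain):
        findings.append("CAA: add an issue record for letsencrypt.org")
    # Assumption: any AAAA record on the custom domain is flagged for review.
    if any(o == domain and t == "AAAA" for o, t, _ in records):
        findings.append("AAAA: remove the old IPv6 record")
    return findings
```

On the sample, the CAA set inherited from example.org names only another CA, so www.example.org is reported for both the CAA and the AAAA problem.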
Automatic certificate renewal
Let's Encrypt security certificates automatically renew themselves every 3 months without any notification. However, if you've made changes to your DNS settings, the certificate might fail to renew.
If your certificate fails to auto-renew, a warning icon will appear beside the domain name, and a message beginning with "Unable to auto-renew certificate" will appear on the Domain checking dialog.
In this case, check your DNS settings against these instructions, then try issuing the certificate again.
Security certificates purchased from an external vendor are not automatically renewed.
Obtaining a security certificate from any other vendor
We cannot issue Organization Validation or Extended Validation certificates with Let's Encrypt. If you want to use either with Wild Apricot, you will need to purchase one from a different security certificate vendor.
The cost of a one-year security certificate from a vendor other than Let's Encrypt begins around $100. To install the security certificate from a vendor other than Let's Encrypt on your custom domain, we charge an initial fee of $50 and a renewal fee of $50.
The steps involved in purchasing and installing a custom security certificate from a vendor other than Let's Encrypt are as follows:
- Choose a security certificate vendor. You should avoid purchasing certificates from WoSign and StartCom. They are no longer considered to be trusted authorities. For details, click here.
- Have a full account administrator send an email to Wild Apricot support and provide the following information:
  - Country/region name (2-letter code): You can find your two-letter country code at: www.digicert.com/ssl-certificate-country-codes.htm
  - State/province (full name)
  - City
  - Organization name: The legally registered name of your organization/company (maximum 64 symbols, including spaces).
  - Organizational unit name: The name of your department within the organization (frequently this entry will be listed as "IT," "Web Security," or is simply left blank).
  - Common name: The name/domain through which the certificate will be accessed (usually the fully-qualified custom domain name, e.g. www.domain.com). Note that some vendors might not generate the SSL certificate for both www.domain.com and domain.com, so be sure to specify the main domain you would like to use.
  - Email address
- Our support representative will generate and email you a CSR (Certificate Signing Request). You can use the CSR to order an SSL certificate from your vendor. For security reasons, we cannot accept the sharing of the SSL private keys, or install on our servers SSL certificates that were not based on our Certificate Signing Requests (CSRs).
- Visit your vendor's website and use the CSR to order your certificate. Make sure the SSL certificate you purchase is for Apache or Nginx, and make sure your vendor includes the following statements in the SAN (Subject Alternative Name) section of the certificate so that it applies to your website's URL with and without the www:
  DNS Name=www.yourdomain.com
  DNS Name=yourdomain.com
- After receiving the SSL certificate from your vendor, email it to us (usually, it is an archive file or CRT/CER files provided by the certificate vendor) and separately send the intermediate certificate file.
- After we receive the certificate from you, we'll install it on your website and let you know when we're done.
- Finally, we will instruct you to update your custom domain's DNS settings. We'll provide the details but you'll need to contact your domain name provider, or access your domain registrar account online, to perform this step.
Once the process is complete, we'll invoice you for the installation fee.
The status of security certificates issued by vendors other than Let's Encrypt will not be tracked on the Domain name management screen.