Every WordPress site hosted on WP.pro receives free TLS certificates issued by our partner CAs, such as Google and Let’s Encrypt.

Certificates are issued for any hostname added through the WP.pro client portal with the correct DNS entry created by the customer. We only use exact host names and do not generate certificates for variations (like wildcards).

We utilize a multi-layered CDN to prevent any single point of failure. If one CDN fails, we can quickly remove it from the chain without disrupting service. To ensure this, we run two certificates in parallel: one in the Cloudflare CDN and one in the WP.pro CDN. These certificates are automatically issued and renewed every few weeks.

Each issued certificate contains the hostname for which it was requested. Additional hostnames receive dedicated certificates as well.

Validation is automated via an HTTP request from the Certification Authority (CA). This request is terminated at our CDN and recognized as such.

No further action required.

No action is needed if there are currently no CAA entries in your DNS zone. However, if entries exist to prevent unauthorized CAs from issuing TLS certificates, ensure that letsencrypt.org and pki.goog are included in your list of trusted CAs.