Title Automatic SSL for Custom Domains: Frequently Asked Questions
As of August 2026, Infigo is moving all custom domains to automatic SSL using Let's Encrypt. This article answers common questions about the change, covering what it means for your storefront, what setup is needed for new domains, the available certificate options, and how to opt out if required.
Problem If you manage a custom domain on an Infigo storefront, you may have questions about how SSL certificates will be handled going forward. Previously, obtaining and installing an SSL certificate required purchasing one yourself and raising a support request. Infigo is replacing this process with automatic certificate issuance and renewal, meaning you will no longer need to track expiry dates or coordinate renewals with support.
Some customers may also be wondering whether any action is required before or during the rollout, or whether existing certificates will simply carry on working.
The basics
What is changing? Infigo is moving custom domains to automatic SSL. Instead of purchasing a certificate and having it installed via support, Infigo issues and renews certificates for you automatically using Let's Encrypt. Your site stays on HTTPS with nothing to track or renew.
Is Let's Encrypt safe and trusted? Yes. Let's Encrypt is a free, non-profit certificate authority trusted by every major browser. It is the same technology used for automatic HTTPS on platforms such as Shopify, Squarespace, Wix, Webflow, and Cloudflare.
Does this cost anything? No. Let's Encrypt certificates are free, and Infigo handles issuance and renewal. You no longer pay for SSL certificates.
Why is this change happening now? Certificate validity periods are shrinking industry-wide: from 398 days currently to 200 days (March 2026), 100 days (March 2027), and 47 days by 2029. Manual renewal becomes impractical at those frequencies. Automation means you never need to act on it.
Setup
What do I need to do? For existing domains, nothing. They will keep working and Infigo takes over renewal automatically.
The steps below apply only when you add a new domain:
-
Add the new domain or binding in Storefront Management.
-
Open Default DNS in Admin to get the DNS target for your platform.
-
Point your domain at that target in your DNS provider.
Once Infigo detects that your DNS is live, HTTPS goes live in approximately 5 to 10 minutes.
Where do I find the DNS details? In Storefront Management Admin, under Default DNS. It shows the target your domain should point to. Use the same steps for every new domain you add.
How long does setup take? After DNS is correctly pointed and detected as live, the certificate is issued and the site is on HTTPS in about 5 to 10 minutes. DNS propagation on your provider's side may take additional time before Infigo can detect the change.
Do I need to renew anything? No. Renewal is automatic, roughly every 60 days, well before expiry.
Certificate options Infigo supports several ways to group certificates. By default, the most efficient option is selected for you.
-
SAN certificates managed by Infigo (default, recommended): Several of your domains and subdomains share a single certificate. This is the most efficient option and requires nothing extra from you. For most customers, this is the right choice.
-
One certificate per domain/subdomain group: A domain and its subdomains share one certificate.
-
One certificate per storefront: Useful for larger projects or resellers that want certificates aligned to individual storefronts.
-
Self-managed via Admin (enterprise): If you have an enterprise certificate authority or specific compliance requirements, you can upload and manage your own certificate through the Admin UI. This option is intended primarily for enterprise customers.
If you are unsure which option fits, the default (SAN, managed by Infigo) is the right answer for almost everyone.
Opting out
Can I keep managing my own certificates? Yes, but you must request an exclusion. If you need to keep your own certificate for an enterprise CA or a compliance requirement, raise a support ticket listing the domain(s) and your reason, and the team will exclude you from the automatic rollout.
What happens if I do nothing? Your domains will be moved onto automatic SSL during the mid-August rollout. For almost all customers, this is the desired outcome: secure, free, and zero maintenance.
Timing
When does the rollout happen? Automatically across all platforms in mid-August 2026, on a sliding window of approximately plus or minus 2 weeks. Not every platform switches on the same day.
Will my site go down during the switch? No. Infigo issues and validates the new certificate before retiring the old one, so there is no gap in HTTPS coverage.
Closing note
For additional guidance, please contact our Customer Support team.
Article metadata audience:storefront-admin; infigo-area:Storefront Management,Custom Domains,SSL Certificates,DNS Configuration; difficulty:low; source:email-submission