The SSL security certificate is an essential part of how e-commerce stores operate, ensuring that critical information for online sales (such as transactional data) is transmitted and received securely. For VTEX stores to function properly, a valid SSL certificate is mandatory, and it is visible in the button next to the URL in the browser:
However, like many security tools, SSL certificates have an expiration date and must be continuously renewed to ensure protection remains up to date. On any page, you can view certificate details (by clicking the button in the lower right corner of the image above) and you will see information like the one below. As we can see, this certificate is valid until February 2024:
Because of this renewal requirement, it is natural to be concerned about whether the process goes smoothly. However, for the vast majority of accounts within VTEX, there is absolutely nothing to worry about. This is because a native part of VTEX is its partnership with Let’s Encrypt, which issues certificates for all VTEX accounts and renews them automatically. This renewal is always performed 15 days before the current certificate expires. Therefore, even if you receive a notice that your certificate is about to expire, no action is required on the part of customers.
The exception to this rule, which is extremely rare and not recommended by VTEX, is a situation in which a store has chosen to purchase its own SSL certificate issuance service. In this case, the store had to open a ticket with the VTEX support team to have that certificate installed manually and, once done, will need to open new tickets to have renewed versions added whenever the certificate expires. I want to reiterate that this is an exceptional scenario, and customers using this method should take it into account in their internal planning. If you are a VTEX customer and are not aware of such a process within your store, and your store’s certificate is issued by Let’s Encrypt (as shown in the image above), you are expected to be using VTEX’s own automatic certificate.