CertaDNS

Account & Subscription Management

Available on: Free, Plus, Pro, Elite

1. What This Feature Does

Account & Subscription Management controls user registration, authentication, profile settings, subscription plans, billing, and account lifecycle. You register an account with username, email, and password, verify your email address, and log in to access CertaDNS services. Through the Settings page, you manage your profile information, change your password, view login activity, upgrade or downgrade subscription plans, and handle billing through Stripe or PayPal.

Each account tracks creation metadata (IP address, country code, IP insights tags), login attempts, and subscription status. Subscription changes take effect immediately, and canceled subscriptions continue providing paid features until the subscription end date. Account deletion disables the account and removes all user-created domains from the DNS system.

2. When You Should Use It

  • You need to create a CertaDNS account to access Dynamic DNS, DNS management, or other platform features.
  • You want to update your email address, name, or password after initial registration.
  • You forgot your password and need to reset it using the email recovery process.
  • You want to upgrade from the Free plan to access features like API keys, faster TTL, or more domains.
  • You want to cancel a subscription but continue using paid features until the billing period ends.
  • You need to review recent login activity for security monitoring.
  • You are permanently leaving CertaDNS and want to delete your account and all associated domains.

3. When You Should Not Use It

  • Feature-specific settings: Domain creation, DNS record management, and API key generation have dedicated pages. Use those interfaces instead of the account settings.
  • Billing disputes: For payment errors, refund requests, or billing discrepancies, contact support rather than using the self-service subscription tools.
  • Temporary account suspension: Account deletion is permanent and cannot be undone. There is no "pause" or "suspend" option.
  • Sharing accounts: Each user should have their own account. Account sharing is not supported and may violate terms of service.

4. Prerequisites

  • A valid email address for registration and password reset.
  • Access to your email inbox to verify your email address during registration.
  • For password reset: access to the email address associated with your account.
  • For paid subscriptions: a valid payment method supported by Stripe (credit/debit card) or PayPal.
  • Free plan users: CAPTCHA completion is required on the initial login attempt each session.

5. How It Works (Brief)

When you register, the system creates a user record with enabled=False and sends a verification email with a 24-hour token. Clicking the verification link sets enabled=True and activates your account. Passwords are hashed with bcrypt and never stored in plaintext. Login attempts are logged with IP, country code, and success/failure status. If two-factor authentication is enabled, login requires both password and a TOTP code.

Sessions are stored in memory (or Redis if available) and last 24 hours. The session cookie is httpOnly, secure, and scoped to .certadns.com. Profile updates modify your email, first name, or last name. Password changes require the current password for verification.

Subscriptions are managed through Stripe or PayPal. Selecting a plan redirects you to the payment provider. After payment, the subscription record is created with status=active and ends_at set to the billing period end. Canceling a subscription sets status=canceled but leaves ends_at unchanged, enabling a grace period where paid features remain available. A cron script checks for expired subscriptions and downgrades accounts to Free when ends_at passes.

Account deletion sets enabled=False and account_type=disabled, deletes all user domains from the database and PowerDNS, and logs the deletions in the audit trail. The user record is preserved for audit purposes.

6. How to Use It

Registering an account

  1. Navigate to the Register page.
  2. Enter the following information:
    • Username: Unique identifier for login. Cannot be changed after registration.
    • Email: Must be a valid email address. Used for verification and password reset.
    • Password: Minimum 8 characters.
    • First Name: Your given name.
    • Last Name: Your surname.
  3. Click Register.
  4. A verification email is sent to your email address. Check your inbox and spam folder.
  5. Click the verification link in the email within 24 hours.
  6. Your account is activated. You can now log in.

Verifying your email

  1. Open the verification email sent from CertaDNS.
  2. Click the verification link. The link is valid for 24 hours.
  3. You are redirected to the login page with a success message.
  4. Log in with your username and password.

If the verification email does not arrive, check your spam folder. You can request a new verification email from the login page. Resend requests have a 5-minute cooldown.

Logging in

  1. Navigate to the Login page.
  2. Enter your username or email and password.
  3. Free plan users: Complete the CAPTCHA challenge on the initial login attempt.
  4. If two-factor authentication is enabled on your account, enter the 6-digit OTP code from your authenticator app.
  5. Click Login.
  6. On success, you are redirected to the Dashboard.

Resetting your password

  1. On the login page, click Forgot Password?
  2. Enter the email address associated with your account.
  3. Click Send Reset Link.
  4. A password reset email is sent. The reset token is valid for 1 hour.
  5. Click the reset link in the email.
  6. Enter your new password (minimum 8 characters).
  7. Click Reset Password.
  8. The token is invalidated. Log in with your new password.

Password reset requests have a 5-minute cooldown to prevent abuse.
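
The token rules described for email verification and password reset (32-byte random token, 24-hour and 1-hour lifetimes, invalidation after use, 5-minute cooldown) can be sketched as follows. This is an added example, not CertaDNS code: the TokenStore class and its method names are hypothetical, and storing only a hash of each token and revoking older tokens on re-issue are choices made in this example that the page does not state.

```python
import hashlib
import secrets
from datetime import timedelta

# Lifetimes and cooldown as stated on this page.
TOKEN_TTL = {"verify": timedelta(hours=24), "reset": timedelta(hours=1)}
COOLDOWN = timedelta(minutes=5)


class TokenStore:
    """Hypothetical in-memory store; a real service would use its database."""

    def __init__(self):
        self._tokens = {}     # sha256(token) -> (user_id, purpose, expires_at)
        self._last_sent = {}  # (user_id, purpose) -> time the last email went out

    @staticmethod
    def _digest(token):
        # Keep only a hash, so a leaked table does not yield usable links
        # (a choice made in this example).
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, user_id, purpose, now):
        """Return a new URL-safe token, or None while the cooldown is active."""
        last = self._last_sent.get((user_id, purpose))
        if last is not None and now - last < COOLDOWN:
            return None
        # Re-issuing revokes older tokens of the same purpose
        # (also a choice made in this example).
        self._tokens = {d: v for d, v in self._tokens.items()
                        if v[:2] != (user_id, purpose)}
        token = secrets.token_urlsafe(32)  # 32 random bytes from the OS CSPRNG
        self._tokens[self._digest(token)] = (
            user_id, purpose, now + TOKEN_TTL[purpose])
        self._last_sent[(user_id, purpose)] = now
        return token

    def redeem(self, token, purpose, now):
        """Return the user_id for a valid token exactly once, else None."""
        # pop() makes the token single-use even when the checks below fail.
        entry = self._tokens.pop(self._digest(token), None)
        if entry is None:
            return None
        user_id, stored_purpose, expires_at = entry
        if stored_purpose != purpose or now >= expires_at:
            return None
        return user_id
```

Passing `now` explicitly keeps the expiry and cooldown logic testable without waiting on the clock.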

Updating your profile

  1. Navigate to Settings > Profile.
  2. The following fields are displayed:
    • Username: Read-only. Cannot be changed.
    • Email: Editable. Changing your email does not require re-verification.
    • First Name: Editable.
    • Last Name: Editable.
  3. Modify the email, first name, or last name as needed.
  4. Click Update Profile.
  5. Changes are saved immediately.

Changing your password

  1. Navigate to Settings > Security.
  2. In the Change Password section, enter:
    • Current Password: Your existing password for verification.
    • New Password: Minimum 8 characters.
    • Confirm New Password: Must match the new password.
  3. Click Change Password.
  4. If the current password is correct and the new password meets requirements, the password is updated.
  5. You remain logged in. Future logins require the new password.

Viewing login activity

  1. Navigate to Settings > Security.
  2. Scroll to the Recent Login Activity section.
  3. The table shows the last 10 login attempts with the following columns:
    • Date/Time: Timestamp of the login attempt.
    • IP Address: Source IP in monospace font.
    • Country Code: Two-letter country code (e.g., US, GB).
    • Status: Green "Success" badge or red "Failed" badge.
  4. Review the activity for unfamiliar IP addresses or countries.
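
The review in step 4 can be made systematic. The following added example (not part of CertaDNS) runs two checks over records with the same four columns as the table: a successful login from a country not seen before, and a success that follows a run of failures from the same IP. The sample rows are constructed, and the triage function, the baseline set of known countries and the threshold of 3 failures are assumptions of this example.

```python
from collections import namedtuple

# Same four columns as the Recent Login Activity table.
Attempt = namedtuple("Attempt", "when ip country success")

# Constructed sample using documentation IP ranges; not real CertaDNS data.
SAMPLE = [Attempt(*row) for row in [
    ("2024-03-01T08:02:11Z", "192.0.2.10",   "US", True),
    ("2024-03-02T08:05:40Z", "192.0.2.10",   "US", True),
    ("2024-03-03T02:14:01Z", "203.0.113.77", "DE", False),
    ("2024-03-03T02:14:09Z", "203.0.113.77", "DE", False),
    ("2024-03-03T02:14:15Z", "203.0.113.77", "DE", False),
    ("2024-03-03T02:14:31Z", "203.0.113.77", "DE", True),
    ("2024-03-03T09:00:00Z", "192.0.2.10",   "US", False),
    ("2024-03-03T09:00:20Z", "192.0.2.10",   "US", True),
    ("2024-03-04T18:30:00Z", "198.51.100.5", "GB", True),
    ("2024-03-05T08:01:00Z", "192.0.2.10",   "US", True),
]]


def triage(attempts, known_countries, fail_run=3):
    """Return (attempt, reason) pairs worth a closer look, oldest first."""
    findings = []
    seen = set(known_countries)
    streak = {}  # ip -> consecutive failed attempts so far
    # ISO 8601 UTC strings in one format sort chronologically as text.
    for a in sorted(attempts, key=lambda a: a.when):
        if not a.success:
            streak[a.ip] = streak.get(a.ip, 0) + 1
            continue
        failures = streak.get(a.ip, 0)
        if failures >= fail_run:
            findings.append(
                (a, "success after %d failed attempts from the same IP" % failures))
        streak[a.ip] = 0
        if a.country not in seen:
            findings.append((a, "first successful login from " + a.country))
            seen.add(a.country)
    return findings


if __name__ == "__main__":
    for attempt, reason in triage(SAMPLE, known_countries={"US"}):
        print(attempt.when, attempt.ip, attempt.country, "-", reason)
```

A single mistyped password followed by a success from the usual IP (the 09:00 pair in the sample) is not flagged, which keeps the output focused on the entries that warrant a password change.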

Upgrading or changing your subscription

  1. Navigate to Settings > Subscription.
  2. Your current plan is displayed (e.g., Free, Plus, Pro, Elite) with billing interval (Monthly or Annual) if applicable.
  3. Click Upgrade (or Change Plan if you have an active subscription).
  4. Select a plan and billing interval (Monthly or Annual).
  5. Click Continue to Payment.
  6. You are redirected to the payment provider (Stripe or PayPal).
  7. Complete payment with your credit card or PayPal account.
  8. On success, you are redirected to /payment-success. The subscription is activated immediately.
  9. If you cancel payment, you are redirected to /payment-cancelled. No subscription is created.

Canceling a subscription

  1. Navigate to Settings > Subscription.
  2. If you have an active subscription, the Cancel Subscription button is visible.
  3. Click Cancel Subscription.
  4. Confirm the cancellation in the dialog.
  5. The subscription status changes to canceled.
  6. Paid features remain active until the subscription ends_at date (grace period).
  7. After the grace period expires, your account reverts to the Free plan.

Grace Period: Canceled subscriptions retain all paid features until the billing period ends. For example, if you cancel a monthly subscription on January 15 that renews on February 1, you keep paid features until February 1. After that date, your account downgrades to Free.

Deleting your account

  1. Navigate to Settings > Account (or use the API endpoint DELETE /me).
  2. Click Delete Account.
  3. Confirm the deletion in the dialog. This action cannot be undone.
  4. Your account is set to enabled=False and account_type=disabled.
  5. All domains you created are deleted from the database and PowerDNS.
  6. Deletions are logged in the domain_updates audit table.
  7. You are logged out and cannot log in again.

Warning: Account deletion is permanent. All domains are removed from DNS and cannot be recovered. Your user record is preserved for audit purposes but the account cannot be reactivated.

7. Inputs and Settings

Registration fields

Field | Description | Constraints
Username | Unique identifier for login. Cannot be changed after registration. | Must be unique across all users. Alphanumeric and underscores recommended. Case-insensitive for login.
Email | Primary contact email. Used for verification and password reset. | Must be a valid email format. Must be unique across all users.
Password | Account password. Hashed with bcrypt. | Minimum 8 characters. No maximum length enforced.
First Name | Your given name. | Required. Can be updated in Settings.
Last Name | Your surname. | Required. Can be updated in Settings.

Login fields

Field | Description | Constraints
Username/Email | Either your username or email address. | System searches both fields. Case-insensitive.
Password | Your account password. | Must match the stored bcrypt hash.
CAPTCHA | Proof-of-work challenge for Free users. | Required on initial login attempt for Free accounts. Not required for paid plans.
2FA Code | 6-digit TOTP code from authenticator app. | Required only if two-factor authentication is enabled. Shown after password verification.

Subscription plans and pricing

Plan | Monthly | Annual | Features
Free | $0 | $0 | 5 subdomains, 60-minute TTL, ads, CAPTCHA on login, no API access
Plus | $5/mo | $60/yr | 50 subdomains, 60-second TTL, BYOD zones, web forwarding, 5 stealth flags, wildcard DNS, API access, no ads
Pro | $10/mo | $110/yr | 100 subdomains, 10 stealth flags, priority support, analytics
Elite | $25/mo | $275/yr | 500 subdomains, vanity nameservers, 50 stealth flags, priority support

Session parameters

Parameter | Value
Storage | In-memory SessionStore (Redis if available)
Duration | 24 hours
Cookie name | session_id
Cookie attributes | httpOnly, secure, sameSite=lax, domain=.certadns.com
Session data | user_id, username, email, account_type, given_name, surname, has_2fa

8. Outputs and Results

Registration confirmation email

After registration, you receive an email with a verification link. The link includes a 32-byte random token and is valid for 24 hours. Clicking the link sets enabled=True and redirects you to the login page with a success message.

Login response

Successful login without 2FA returns user data and creates a session:

{
  "user_id": 123,
  "username": "exampleuser",
  "email": "user@example.com",
  "account_type": "plus",
  "given_name": "John",
  "surname": "Doe",
  "has_2fa": false
}

If 2FA is enabled, the initial response is:

{
  "requires_2fa": true
}

After providing the OTP, the full user data is returned.

Subscription status

The Subscription tab displays:

  • Plan name: Free, Plus, Pro, or Elite.
  • Billing interval: Monthly or Annual (if applicable).
  • Status badge: Active (green), Canceled (yellow), or Past Due (red).
  • Next billing date: The ends_at timestamp for active subscriptions.
  • Grace period indicator: "Your subscription is canceled. Paid features remain active until [date]." (if in grace period).

Login activity table

The Recent Login Activity table shows the last 10 attempts with:

Column | Description
Date/Time | Timestamp of the login attempt (ISO 8601 format).
IP Address | Source IP in monospace font.
Country Code | Two-letter ISO country code (e.g., US, GB, DE).
Status | Green "Success" badge or red "Failed" badge.

9. How to Interpret Results

Normal

  • Registration sends a verification email within a few minutes. Clicking the link activates your account.
  • Login succeeds and redirects you to the Dashboard. Session lasts 24 hours.
  • Subscription upgrade activates immediately. Plan features (domain limit, TTL, API access) are available right away.
  • Login activity shows your expected IP addresses and country codes. All recent attempts show "Success" status.
  • Canceled subscription shows "Canceled" status and retains paid features until the grace period ends.

Unexpected or worth investigating

  • Verification email not received: Check spam folder. If not found after 10 minutes, request a resend. Resend requests have a 5-minute cooldown.
  • Login fails with "Account not verified": You have not clicked the verification link. Check your email or request a new verification email.
  • Login activity shows unfamiliar IP addresses or countries: Someone may have accessed your account without authorization. Change your password immediately and enable two-factor authentication.
  • Subscription shows "Past Due" status: Payment failed or was declined. Update your payment method with Stripe or PayPal to reactivate the subscription.
  • Features revert to Free tier immediately after canceling: This should not happen. Canceled subscriptions have a grace period. Contact support if paid features are removed before ends_at.

Common interpretation mistakes

  • Username can be changed in Settings: Username is read-only after registration. Only email, first name, and last name can be updated.
  • Canceled subscription ends immediately: Canceled subscriptions retain paid features until the billing period ends. Check the grace period end date on the Subscription tab.
  • Password reset requires current password: Password reset via email does not require the current password. The "Change Password" form in Settings requires the current password.
  • Free users always see CAPTCHA: CAPTCHA is required only on the initial login attempt each session. Subsequent logins in the same session do not require CAPTCHA.

10. Common Issues and Explanations

"Username already exists" error during registration

The username you entered is already taken. Usernames must be unique across all users. Try a different username.

"Email already exists" error during registration

An account with this email address already exists. Use the password reset flow if you forgot your password, or register with a different email address.

"Password too short" error

Passwords must be at least 8 characters long. Use a longer password that meets the minimum requirement.

"Account not verified" error on login

You have not clicked the verification link in the registration email. Check your inbox and spam folder for the email. If the email is missing or the link expired (24 hours), request a new verification email from the login page.

"Invalid password" error on login

The password does not match the stored hash. Verify you are entering the correct password. If you forgot your password, use the "Forgot Password?" link to reset it.

"Invalid 2FA code" error on login

The 6-digit OTP code from your authenticator app is incorrect or expired. TOTP codes are time-based and valid for 30 seconds. Generate a new code and try again. Ensure your device's clock is synchronized.
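
Why an unsynchronized clock produces this error is easiest to see in the TOTP calculation itself (RFC 6238 with the 6-digit, 30-second parameters stated above). This is an added example, not CertaDNS code: HMAC-SHA1 is the algorithm authenticator apps commonly default to, and the one-step drift window and the replay guard in verify are assumptions, since the page does not say what the service allows.

```python
import hashlib
import hmac
import struct

STEP = 30    # seconds a code is valid, as stated on this page
DIGITS = 6   # code length, as stated on this page


def totp(secret, unix_time):
    """RFC 6238 code (HMAC-SHA1) for the time step containing unix_time."""
    counter = struct.pack(">Q", int(unix_time) // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def verify(secret, code, server_time, window=1, last_used_step=None):
    """Return the time step the code matches, or None if it is rejected.

    window: steps of clock drift tolerated on either side (assumed value).
    last_used_step: highest step already accepted for this user, so a code
    cannot be replayed within its validity period (assumed behaviour).
    """
    current = int(server_time) // STEP
    for step in range(current - window, current + window + 1):
        if last_used_step is not None and step <= last_used_step:
            continue
        expected = totp(secret, step * STEP)
        if hmac.compare_digest(expected.encode(), str(code).encode()):
            return step
    return None


# Shared secret from the RFC 6238 test vectors; never use it for a real account.
RFC_SECRET = b"12345678901234567890"

if __name__ == "__main__":
    device_code = totp(RFC_SECRET, 1111111109)             # device clock
    print(verify(RFC_SECRET, device_code, 1111111111))       # 2 s apart: accepted
    print(verify(RFC_SECRET, device_code, 1111111111 + 90))  # 92 s apart: None
```

The device and the server never exchange the time, only the code, so a device clock that is off by more than the tolerated window always yields a code for a step the server no longer checks.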

"Too many requests" error when requesting verification email or password reset

Rate limit triggered. Verification email and password reset requests have a 5-minute cooldown. Wait 5 minutes and try again.

Payment success but subscription not activated

Webhook delay. Stripe and PayPal send subscription confirmation via webhook, which may take a few seconds. Refresh the Subscription tab after 30 seconds. If the subscription still does not appear, contact support with your payment confirmation.

Grace period ended but account still shows paid features

Cron script delay. The check_expired_subscriptions.py script runs periodically (e.g., every hour). The downgrade may take up to an hour after ends_at. If the delay exceeds several hours, contact support.

Account deletion did not remove all domains

This is a system error. Account deletion should remove all user domains from the database and PowerDNS. Contact support with your username for manual cleanup.

11. Limits and Constraints

Account limits

  • Username: Cannot be changed after registration.
  • Verification token expiry: 24 hours after registration.
  • Password reset token expiry: 1 hour after request.
  • Verification email cooldown: 5 minutes between resend requests.
  • Password reset cooldown: 5 minutes between reset requests.
  • Session duration: 24 hours.
  • Login activity history: Last 10 attempts displayed.

Password requirements

  • Minimum length: 8 characters.
  • Maximum length: No enforced maximum.
  • Complexity: No specific requirements (e.g., uppercase, numbers, symbols). Users are encouraged to use strong passwords.
  • Storage: Hashed with bcrypt. Never stored in plaintext.

Subscription constraints

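Constraint | Free | Plus | Pro | Elite
Maximum domains | 5 | 50 | 100 | 500
TTL | 3600s | 60s | 60s | 60s
API access | No | Yes | Yes | Yes
CAPTCHA on login | Yes | No | No | No
Ads | Yes | No | No | No
Wildcard DNS | No | Yes | Yes | Yes
BYOD zones | No | Yes | Yes | Yes
Stealth flags | 0 | 5 | 10 | 50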

Rate limits

  • Verification email resend: 1 request per 5 minutes.
  • Password reset request: 1 request per 5 minutes.
  • Login attempts: No hard limit, but excessive failures trigger account lockout (implementation-specific).

12. Related Features

13. Updates and Behavior Changes

  • Grace period support was added for canceled subscriptions. Users retain paid features until the subscription end date instead of losing them immediately upon cancellation.
  • Free plan CAPTCHA requirement was added to reduce automated abuse. Free users must complete a CAPTCHA on their initial login session.
  • Plus plan subdomain limits were increased from 25 to 50 subdomains.
  • Session cookie domain was changed to .certadns.com to support subdomains and cross-origin requests.
  • Login attempt tracking was enhanced to capture IP insights tags for fraud detection.
  • Account deletion now preserves the user record for audit purposes instead of physically deleting it from the database.
