diff --git a/acme4j-it/src/test/java/org/shredzone/acme4j/it/ProviderIT.java b/acme4j-it/src/test/java/org/shredzone/acme4j/it/ProviderIT.java
index 5fcc024b..0510aeb7 100644
--- a/acme4j-it/src/test/java/org/shredzone/acme4j/it/ProviderIT.java
+++ b/acme4j-it/src/test/java/org/shredzone/acme4j/it/ProviderIT.java
@@ -19,6 +19,7 @@
 import java.net.MalformedURLException;
 import java.net.URL;
 
+import org.junit.jupiter.api.Disabled;
 import org.junit.jupiter.api.Test;
 import org.shredzone.acme4j.Session;
 import org.shredzone.acme4j.connector.Resource;
@@ -67,7 +68,7 @@ public void testPebble() throws AcmeException, MalformedURLException {
     }
 
     /**
-     * Test ssl.com
+     * Test ssl.com, production
      */
     @Test
     public void testSslCom() throws AcmeException, MalformedURLException {
@@ -83,6 +84,18 @@ public void testSslCom() throws AcmeException, MalformedURLException {
         assertThat(sessionRsa.getMetadata().isExternalAccountRequired()).isTrue();
         assertThat(sessionRsa.getMetadata().isAutoRenewalEnabled()).isFalse();
 
+        // If this test fails, the metadata has been fixed on server side. Then remove
+        // the patch at ZeroSSLAcmeProvider, and update the documentation.
+        var sessionEABCheck = new Session("https://acme.ssl.com/sslcom-dv-ecc");
+        assertThat(sessionEABCheck.getMetadata().isExternalAccountRequired()).isFalse();
+    }
+
+    /**
+     * Test ssl.com, staging server
+     */
+    @Test
+    @Disabled("Instable due to frequent certificate expiration of acme-try.ssl.com")
+    public void testSslComStaging() throws AcmeException, MalformedURLException {
         var sessionEccStage = new Session("acme://ssl.com/staging/ecc");
         assertThat(sessionEccStage.getMetadata().getWebsite()).hasValue(new URL("https://www.ssl.com"));
         assertThatNoException().isThrownBy(() -> sessionEccStage.resourceUrl(Resource.NEW_ACCOUNT));
@@ -95,10 +108,8 @@ public void testSslCom() throws AcmeException, MalformedURLException {
         assertThat(sessionRsaStage.getMetadata().isExternalAccountRequired()).isTrue();
         assertThat(sessionRsaStage.getMetadata().isAutoRenewalEnabled()).isFalse();
 
-        // If these tests fail, the metadata have been fixed on server side. Then remove
+        // If this test fails, the metadata has been fixed on server side. Then remove
         // the patch at ZeroSSLAcmeProvider, and update the documentation.
-        var sessionEABCheck = new Session("https://acme.ssl.com/sslcom-dv-ecc");
-        assertThat(sessionEABCheck.getMetadata().isExternalAccountRequired()).isFalse();
         var sessionEABCheckStage = new Session("https://acme-try.ssl.com/sslcom-dv-ecc");
         assertThat(sessionEABCheckStage.getMetadata().isExternalAccountRequired()).isFalse();
     }
diff --git a/pom.xml b/pom.xml
index 38520326..640242b6 100644
--- a/pom.xml
+++ b/pom.xml
@@ -55,6 +55,7 @@
         <httpclient.version>4.5.14</httpclient.version>
         <jakarta.mail.version>2.0.1</jakarta.mail.version>
         <jose4j.version>0.9.6</jose4j.version>
+        <junit.version>5.10.2</junit.version>
         <slf4j.version>2.0.13</slf4j.version>
         <project.build.sourceEncoding>utf-8</project.build.sourceEncoding>
         <project.reporting.outputEncoding>utf-8</project.reporting.outputEncoding>
@@ -189,13 +190,19 @@
         <dependency>
             <groupId>org.junit.jupiter</groupId>
             <artifactId>junit-jupiter-api</artifactId>
-            <version>5.10.2</version>
+            <version>${junit.version}</version>
             <scope>test</scope>
         </dependency>
         <dependency>
             <groupId>org.junit.jupiter</groupId>
             <artifactId>junit-jupiter-params</artifactId>
-            <version>5.10.2</version>
+            <version>${junit.version}</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.junit.jupiter</groupId>
+            <artifactId>junit-jupiter-engine</artifactId>
+            <version>${junit.version}</version>
             <scope>test</scope>
         </dependency>
         <dependency>
diff --git a/src/doc/docs/ca/sslcom.md b/src/doc/docs/ca/sslcom.md
index 7fcd537d..aec2c2a5 100644
--- a/src/doc/docs/ca/sslcom.md
+++ b/src/doc/docs/ca/sslcom.md
@@ -2,7 +2,7 @@
 
 Web site: [SSL.com](https://ssl.com)
 
-Available since acme4j 3.2.0
+Available since acme4j 3.2.0. **This provider is experimental!**
 
 ## Connection URIs
 
@@ -14,6 +14,7 @@ Available since acme4j 3.2.0
 ## Note
 
 * This CA requires [External Account Binding (EAB)](../usage/account.md#external-account-binding) for account creation. However, the CA's directory resource returns `externalAccountRequired` as `false`, which is incorrect. If you use one of the `acme:` URIs above, _acme4j_ will patch the metadata transparently. If you directly connect to SSL.com via `https:` URI though, `Metadata.isExternalAccountRequired()` could return a wrong value. (As of February 2024)
+* The certificate of the ssl.com staging server seems to be unmonitored. When it expires, an `AcmeNetworkException` is thrown which is caused by a `CertificateExpiredException`. There is nothing you can do to fix this error, except to ask the ssl.com support to renew the expired certificate on their server. **Please do not open an issue at acme4j.** (As of June 2024)
 
 ## Disclaimer