diff --git a/services/web/app/src/Features/Subscription/SubscriptionController.js b/services/web/app/src/Features/Subscription/SubscriptionController.js
index d2b68c8bda..0f064a8ffe 100644
--- a/services/web/app/src/Features/Subscription/SubscriptionController.js
+++ b/services/web/app/src/Features/Subscription/SubscriptionController.js
@@ -205,21 +205,6 @@ async function paymentPage(req, res) {
         currency = recommendedCurrency
       }
 
-      // Prevent checkout for users without a confirmed primary email address
-      const userData = await UserGetter.promises.getUser(user._id, {
-        email: 1,
-        emails: 1,
-      })
-      const userPrimaryEmail = userData.emails.find(
-        emailEntry => emailEntry.email === userData.email
-      )
-      if (userPrimaryEmail?.confirmedAt == null) {
-        return res.render('subscriptions/unconfirmed-primary-email', {
-          title: 'confirm_email',
-          email: userData.email,
-        })
-      }
-
       // Block web sales to restricted countries
       if (['CU', 'IR', 'KP', 'RU', 'SY', 'VE'].includes(countryCode)) {
         return res.render('subscriptions/restricted-country', {
@@ -243,6 +228,22 @@ async function paymentPage(req, res) {
   }
 }
 
+async function requireConfirmedPrimaryEmailAddress(req, res, next) {
+  const userData = await UserGetter.promises.getUser(req.user._id, {
+    email: 1,
+    emails: 1,
+  })
+  const userPrimaryEmail = userData.emails.find(
+    emailEntry => emailEntry.email === userData.email
+  )
+  if (userPrimaryEmail?.confirmedAt != null) return next()
+
+  res.status(422).render('subscriptions/unconfirmed-primary-email', {
+    title: 'confirm_email',
+    email: userData.email,
+  })
+}
+
 function formatGroupPlansDataForDash() {
   return {
     plans: [...groupPlanModalOptions.plan_codes],
@@ -849,4 +850,7 @@ module.exports = {
   recurlyNotificationParser,
   refreshUserFeatures: expressify(refreshUserFeatures),
   redirectToHostedPage: expressify(redirectToHostedPage),
+  requireConfirmedPrimaryEmailAddress: expressify(
+    requireConfirmedPrimaryEmailAddress
+  ),
 }
diff --git a/services/web/app/src/Features/Subscription/SubscriptionRouter.js b/services/web/app/src/Features/Subscription/SubscriptionRouter.js
index c998352751..d54e483abc 100644
--- a/services/web/app/src/Features/Subscription/SubscriptionRouter.js
+++ b/services/web/app/src/Features/Subscription/SubscriptionRouter.js
@@ -30,6 +30,7 @@ module.exports = {
     webRouter.get(
       '/user/subscription/new',
       AuthenticationController.requireLogin(),
+      SubscriptionController.requireConfirmedPrimaryEmailAddress,
       SubscriptionController.paymentPage
     )
 
@@ -93,6 +94,7 @@ module.exports = {
       '/user/subscription/create',
       AuthenticationController.requireLogin(),
       PermissionsController.requirePermission('start-subscription'),
+      SubscriptionController.requireConfirmedPrimaryEmailAddress,
       SubscriptionController.createSubscription
     )
     webRouter.post(
diff --git a/services/web/test/unit/src/Subscription/SubscriptionControllerTests.js b/services/web/test/unit/src/Subscription/SubscriptionControllerTests.js
index ed8a27f953..fd96bf6f3c 100644
--- a/services/web/test/unit/src/Subscription/SubscriptionControllerTests.js
+++ b/services/web/test/unit/src/Subscription/SubscriptionControllerTests.js
@@ -388,28 +388,6 @@ describe('SubscriptionController', function () {
       })
     })
 
-    describe('with a user that has not confirmed their primary email address', function () {
-      beforeEach(function () {
-        this.LimitationsManager.promises.userHasV1OrV2Subscription.resolves(
-          false
-        )
-        this.PlansLocator.findLocalPlanInSettings.returns({})
-        this.UserGetter.promises.getUser.resolves({
-          email: 'test@example.com',
-          emails: [{ email: 'test@example.com' }],
-        })
-      })
-
-      it('should not render the checkout and instead show the unconfirmed primary email page', function (done) {
-        this.res.render = (page, opts) => {
-          page.should.equal('subscriptions/unconfirmed-primary-email')
-          opts.email.should.equal('test@example.com')
-          done()
-        }
-        this.SubscriptionController.paymentPage(this.req, this.res, done)
-      })
-    })
-
     describe('with a user from a restricted country', function () {
       beforeEach(function () {
         this.LimitationsManager.promises.userHasV1OrV2Subscription.resolves(
@@ -997,4 +975,28 @@ describe('SubscriptionController', function () {
       this.SubscriptionController.processUpgradeToAnnualPlan(this.req, this.res)
     })
   })
+
+  describe('requireConfirmedPrimaryEmailAddress', function () {
+    describe('when user does not have confirmed email address', function () {
+      beforeEach(function () {
+        this.req.user = { _id: 'testing' }
+        this.UserGetter.promises.getUser.resolves({
+          email: 'test@example.com',
+          emails: [{ email: 'test@example.com' }],
+        })
+      })
+
+      it('should show unconfirmed primary email page', function (done) {
+        this.res.render = (page, opts) => {
+          page.should.equal('subscriptions/unconfirmed-primary-email')
+          opts.email.should.equal('test@example.com')
+          done()
+        }
+        this.SubscriptionController.requireConfirmedPrimaryEmailAddress(
+          this.req,
+          this.res
+        )
+      })
+    })
+  })
 })