How do I Renew a TLS/SSL Certificate?
All public TLS/SSL certificates are only valid up to 397 days. This means that you must renew your public TLS/SSL certificates annually.
To renew your public TLS/SSL certificates first you must generate a CSR. Second, login to your DigiCert CertCentral account and fill out the renewal form. Once approved, we issue and send the renewed certificate to the certificate contact via email. You can also download the renewed certificate in your CertCentral account. Then you must install the certificate. Read detailed instructions here.
Why do I Need to Install a New Certificate if I'm Only Renewing my Existing Certificate?
Technically, when you renew a certificate, you are purchasing a new certificate for the domain and company. Industry standards require Certificate Authorities to hard code the expiration date into certificates. When a certificate expires, it is no longer valid and there is no way to extend its life. So, when you "renew" your certificate, DigiCert must issue a new one to replace the expiring one, and you must install the new certificate on your server. To make renewing a certificate easier, DigiCert automatically includes the information from the expiring certificate in our renewal wizard. However, because you're ordering a new certificate, you can update any of the information during the order process, if needed. Note: If you change any of your organization’s information (location, etc.) you may need to provide new validation documentation to verify the changes. You should also change the organization information in the CSR.
Do I Need to Renew my CSR When I Renew my Certificate?
Yes, best practices are to generate a new certificate signing request (CSR) when renewing your TLS/SSL certificate. Generating a new CSR creates a new unique keypair (public/private) for the renewed certificate.
For more information, see Create a CSR.