SSL Certificate Renewal Made Easy
Renewing DigiCert SSL certificates is easy; just follow the basic instructions below to renew your certificate. Note that for some server types these steps may vary. See the FAQ section below for more information.
STEP 1: Generate a new CSR, if needed. See the FAQ section below for more information.
On the My Orders tab, next to the certificate you want to renew (and complete the renewal request), click Renew. After you complete the renewal request, DigiCert will perform a quick cross-check verification. If your organization’s information was changed in the CSR, you may need to provide new documentation to verify the changes.
Note: Certificates can be renewed up to 90 days before expiration. The renew button is not available until 90 days before your certificate expires.
STEP 4: Once approved, the renewed certificate is sent to the certificate contact in an email. You can also download the renewed certificate in your DigiCert Management Console.
STEP 5: On your server, install and configure the new certificate. We recommend that you make sure the new certificate is installed and configured properly before you uninstall your old certificate. This way if there is a problem with your new certificate or if there is a delay in getting your new certificate installed your sites are still secure.
STEP 6: Once the new certificate is correctly installed and you have verified that it is working correctly you can remove your old certificate. It’s a good idea to create a backup of the certificate before you remove it as a precaution. Note that we don’t recommend removing the original system-generated self-signed certificate. This can cause you server to become unstable (especially with Windows servers).
SSL Renewal Instructions by Server Type
The renewal process for some servers is slightly different than the instructions listed above. See the links below for specific instructions by server type.
ANSWER: It is not possible to extend the life of a certificate because certificate expiration dates are hard-coded into the certificates themselves. So, technically, when you ‘renew’ a certificate you are purchasing an entirely new certificate, just for the same company/domain. Because of this, DigiCert must issue a new SSL Certificate to replace the existing one on your server and you must install the certificate just like you did before.
Because it can be difficult to remember all the company and domain information for your expiring certificate, DigiCert automatically includes some of this information in our renewal request wizard. If you need to update this information you can do so during the request process. Note that if any of your organization's information has changed (location, etc.) you may need to provide new documentation to verify the changes. You should also change the information in the CSR.
ANSWER: Depending on your server type, you may also have to generate a new CSR. Many servers, including Apache servers, allow you to install a new certificate without generating a new CSR. However, the following servers require that you generate a new CSR:
- Windows servers
- Tomcat servers
- Java-based servers
- Most applications, such as firewalls, load balancers, etc.
If you have any of the above server platforms, you must generate a new CSR before you submit your renewal. Note that if you have a Windows server you can use the free DigiCert Certificate Utility for Windows which has an easy CSR generator for Windows servers.
Professional Support Available Anytime!
We try to keep our online documentation as up-to-date as possible. However, if you have a particular article or platform that you would like to see documentation for, please email us.
Support Toll Free: 1-800-896-7973 (US & Canada)
Support Direct: 1-801-701-9600
Fax Toll Free: 1-866-842-0223 (US & Canada)