Skip to main content

Renew an SSL/TLS certificate

SSL/TLS certificate renewal made easy

Important

Industry standards change: End of 2-year public SSL/TLS certificates

On August 27, 2020, DigiCert stopped issuing public DV, OV, and EV SSL/TLS certificates with a maximum validity greater than 397 days. This change may affect your early certificate renewals.

You can still renew a certificate order as early as 90 days to 1 day before it expires. When you renew, DigiCert transfers as much remaining validity as possible to the renewed certificate without exceeding the new 397-day maximum certificate validity. Any validity that we cannot transfer directly to the certificate is transferred to your order. To learn more, see End of 2-year DV, OV, and EV public SSL/TLS certificates.

Need to renew your DigiCert SSL/TLS certificate? Follow the steps below to renew your certificate. See Renewal FAQ below for more information.

STEP 1: Generate CSR

To renew an SSL/TLS certificate, you’ll need to generate a new CSR. For more information about creating a CSR, see our Create a CSR (Certificate Signing Request). Or, use our easy CSR generator in the free DigiCert Certificate Utility for Windows.

Best practice is to generate a new CSR when renewing your SSL/TLS certificate. This creates a new, unique keypair (public/private) for the renewed certificate.

STEP 2: Sign in to your CertCentral account

STEP 3: Fill out the renewal form

After you submit the renewal order, DigiCert will perform a quick cross-check. If your organization’s information was changed in the CSR, you may need to provide new documentation to verify the changes.

  1. In CertCentral, in the left main menu, select Certificates > Expiring certificates.

  2. On the Expiring certificates page, next to the certificate that needs to be renewed, select Renew now.

Notice

A certificate doesn't appear on the Expiring Certificates page until 90 days before it expires.

STEP 4: DigiCert issues the SSL/TLS certificate

Once approved, we issue and send the renewed certificate to the certificate contact via email. You can also download the renewed certificate in your CertCentral account.

Step 5: Install your renewed SSL/TLS certificate

On the server, install and configure the new certificate. For more information about installing your certificate, see our SSL Certificate Installation Instructions & Tutorials.

Specific server instructions

The renewal process for some servers is slightly different than the instructions listed above. See the links below for specific operating system/server instructions.

We also recommend that you use the free DigiCert SSL Utility for Windows with an easy CSR generator.

Renewal FAQ

Q: Why do I need to install a new certificate if I'm only renewing my existing certificate?

A: Technically, when you renew a certificate, you are purchasing a new certificate for the domain and company.

Industry standards require Certificate Authorities to hard-code the expiration date into certificates. When a certificate expires, it is no longer valid and there is no way to extend its life. So, when you "renew" your certificate, DigiCert must issue a new one to replace the expiring one, and you must install the new certificate on your server.

To make renewing a certificate easier, DigiCert automatically includes the information from the expiring certificate in our renewal wizard. However, because you're ordering a new certificate, you can update any of the information during the order process, if needed.

Note

If you change any of your organization’s information (location, etc.) you may need to provide new validation documentation to verify the changes. You should also change the organization information in the CSR.

Q: Do I need to create a new CSR when I renew my SSL/TLS certificate?

A: Yes. Best practices are to generate a new certificate signing request (CSR) when renewing your SSL/TLS certificate. Generating a new CSR creates a new unique keypair (public/private) for the renewed certificate. See Create a CSR.

If you have a Windows server, you can use the free DigiCert Certificate Utility for Windows with an easy CSR generator.