Renewing an SSL Certificate Instructions

SSL Certificate Renewal Made Easy

Renewing DigiCert SSL certificates is easy; just follow the basic instructions below to renew your certificate. For some server types these steps may vary. See the FAQ section below for more information.

Note: Certificates can be renewed up to 90 days before expiration.


STEP 1: Generate a new CSR, if needed. See the FAQ section below for more information.


STEP 2: Log into your DigiCert Account.


STEP 3: Complete the certificate renewal request.

Old Retail/Enterprise Accounts

In the DigiCert Management Console, on the My Orders tab, next to the certificate you want to renew (and complete the renewal request), click Renew. Note that the renew option is not available until 90 days before the certificate expires.

CertCentral Accounts

In CertCentral, in the sidebar menu, click Certificates > Expiring Certificates. On the Expiring Certificates page, next to the certificate that needs to be renewed, click Renew Now. Note that a certificate does not appear on the Expiring Certificates page until 90 days before it expires.

Renewal Request
After you complete the renewal request, DigiCert will perform a quick cross-check verification. If your organization’s information was changed in the CSR, you may need to provide new documentation to verify the changes.


STEP 4: Once approved, the renewed certificate is sent to the certificate contact in an email. You can also download the renewed certificate in your DigiCert account (Management Console or CertCentral).


STEP 5: On your server, install and configure the new certificate. We recommend that you make sure the new certificate is installed and configured properly before you uninstall your old certificate. This way if there is a problem with your new certificate or if there is a delay in getting your new certificate installed your sites are still secure.


STEP 6: Once the new certificate is correctly installed and you have verified that it is working correctly, you can remove your old certificate. It’s a good idea to create a backup of the certificate before you remove it as a precaution. Note that we don’t recommend removing the original system-generated self-signed certificate. This can cause you server to become unstable (especially with Windows servers).

SSL Renewal Instructions by Server Type

The renewal process for some servers is slightly different than the instructions listed above. See the links below for specific instructions by server type.


We also recommend that you use the free DigiCert SSL Utility for Windows which has an easy CSR generator feature.

Renewal FAQ

Q: Why Do I Need to Install a New Certificate if I Am Only Renewing My Existing Certificate?

ANSWER: It is not possible to extend the life of a certificate because certificate expiration dates are hard-coded into the certificates themselves. So, technically, when you ‘renew’ a certificate you are purchasing an entirely new certificate, just for the same company/domain. Because of this, DigiCert must issue a new SSL Certificate to replace the existing one on your server and you must install the certificate just like you did before.

Because it can be difficult to remember all the company and domain information for your expiring certificate, DigiCert automatically includes some of this information in our renewal request wizard. If you need to update this information you can do so during the request process. Note that if any of your organization’s information has changed (location, etc.) you may need to provide new documentation to verify the changes. You should also change the information in the CSR.


Q: Do I Need to Create a New CSR to Renew My SSL Certificate?

ANSWER: Depending on your server type, you may also have to generate a new CSR. Many servers, including Apache servers, allow you to install a new certificate without generating a new CSR. However, the following servers require that you generate a new CSR:

  • Windows servers
  • Tomcat servers
  • Java-based servers
  • Most applications, such as firewalls, load balancers, etc.

If you have any of the above server platforms, you must generate a new CSR before you submit your renewal. Note that if you have a Windows server you can use the free DigiCert Certificate Utility for Windows which has an easy CSR generator for Windows servers.

Professional Support Available Anytime

We try to keep our online documentation as up-to-date as possible. However, if you have a particular article or platform that you would like to see documentation for, please email us.


Support Toll Free: 1-800-896-7973 (US & Canada)
Support Direct: 1-801-701-9600
Fax Toll Free: 1-866-842-0223 (US & Canada)