IIS 5/6 Renewal without Downtime
Server administrators frequently have problems with downtime when they need to change the details of an existing SSL Certificate in Microsoft IIS 5/6. When you generate a CSR for a website in IIS, you can create a new certificate, or you can assign/import an existing certificate. Once you have used an SSL Certificate to secure the website, you can only renew, remove, or replace that existing certificate. When you renew an SSL Certificate in IIS, you can only create a request for a certificate that is identical to the original certificate. You cannot change any of the details in the certificate. For example, when you renew a certificate you cannot change the bit size from 1024 to 2048.
One way of changing the details in an SSL Certificate is to remove the existing certificate, restart the wizard, and choose the option to create a new certificate. This allows you to change the details of the certificate. However, this leaves the website unsecured or unavailable until a new certificate is issued. Sometimes the website is unsecured or unavailable for only a few minutes, but potentially it could be down for several hours or even several days depending on how long it takes to receive your new certificate.
Use the DigiCert® Certificate Utility for Windows to Renew Your SSL Certificate
The easiest way to change the details in a certificate without experiencing any downtime is to use the DigiCert® Certificate Utility for Windows. First, you use the certificate utility to generate your new CSR. Then, once you receive your SSL Certificate, you use the certificate utility to import it on to your IIS server. Finally, you use IIS to replace the old certificate.
See Renewing Microsoft IIS 5.x/6.x SSL Certificates.
Use IIS 5/6 to Renew Your SSL Certificate
You can also use the IIS 5/6 user interface to change the details of an SSL Certificate without any downtime. Using IIS 5/6 to accomplish this task is a little more difficult but produces the same results.
See How To Renew an IIS 5/6 SSL Certificate.
Note: The downtime issue was resolved in IIS 7.
For IIS 7 certificate renewal instructions, see Renewing your IIS 7 SSL Certificate.
For IIS 8 certificate renewal instructions, see IIS 8 and IIS 8.5: Renewing your SSL Certificate.