How to renew an SSL certificate?

PositiveSSL & EssentialSSL Certificates renewal
InstantSSL, PremiumSSL and EV SSL Certificates renewal
Multi-Domain Certificates renewal
Next steps

Renewal of the certificate is available only within 30 days before its expiration.

Renewal notices are sent 30, 15, 7, 3 and 1 day before the certificate expiration.

Expired certificates cannot be renewed. In this case it is necessary to purchase a brand new certificate.

The certificate that is about to expire will have the Renew button appear next to it in the Purchased certs list. Below are the steps you need to follow to purchase and enable the renewal certificate.

Click on Renew button.

It will prompt you to the checkout page where you can buy the renewal certificate. Once the renewal certificate is purchased, it can be activated. For this, go to the Purchased certs list and click Activate button next to the renewal certificate you just ordered.

Find the next steps described in one of the following sections depending on your certificate type.

PositiveSSL, EssentialSSL, PositiveSSL Wildcard and EssentialSSL Wildcard renewal process:

Step 1. Save new key

You can download the new key generated in your browser or submit a manually generated CSR.

Note: Both options support IDNs with the following TLDs. Prefer pasting the IDN instead of typing to ensure further process goes smoothly.

a) Auto-activate, the in-browser generator option, is a default one on the next step after specifying the domain for the certificate. If it’s the option you use, click on the key button to save the Private key for the renewal certificate.

b) To switch to using the CSR pre-generated on your server or to receive a corresponding command to generate one, tick the Enter CSR option.

Note: You can select the encryption method and server type to receive the corresponding command in the CSR Command field.

Note: The Private key is generated along with CSR and should be kept on the server. The Private key code is required during the SSL installation.

  Paste the CSR code including —–BEGIN CERTIFICATE REQUEST—– and —–END CERTIFICATE REQUEST—– to the Enter CSR field.

  Click Onwards.

Step 2. Review

Choose the convenient DCV method (upload validation file or receive an email).

  Verify that the email for the certificate delivery is correct.

  Click Submit.

InstantSSL, EV SSL, InstantSSL Pro, PremiumSSL, PremiumSSL Wildcard and EV Multi-Domain renewal process:

Step 1. Save new key

You can download the new key generated in your browser or submit a manually generated CSR.

Note: Both options support IDNs with the following TLDs. Prefer pasting the IDN instead of typing to ensure further process goes smoothly.

a) Auto-activate, the in-browser generator option, is a default one on the next step after specifying the domain for the certificate. If it’s the option you use, click on the key button to save the Private key for the renewal certificate.

b) To switch to using the CSR pre-generated on your server or to receive a corresponding command to generate one, tick the Enter CSR option.

Note: You can select the encryption method and server type to receive the corresponding command in the CSR Command field.

Note: The Private key is generated along with CSR and should be kept on the server. The Private key code is required during the SSL installation.

  Paste the CSR code including —–BEGIN CERTIFICATE REQUEST—– and —–END CERTIFICATE REQUEST—– to the Enter CSR field.

  Click Onwards.

Step 2. Pick company

We will pre-fill the information from the previous certificate. Make sure that the details are correct and appear as they are in the governmental or business directories such as (Yellow pages, Duns & Bradstreet etc.).

Step 4. Review & Submit

  Verify that the submitted company details are correct.

Choose the convenient DCV method (upload validation file or receive an email).

  Verify that the email for the company representative details are correct.

  Click Submit.

  After the activation is done, proceed with validation.

For Multi-Domain certificates, follow these steps:

Generate a new CSR code. You may request the CSR from your hosting provider or generate it yourself. Check our CSR generation instructions for reference.

Step 1. CSR info

  Copy and paste the CSR code generated for the certificate renewal.

  If you receive an error message regarding the CSR code parsing or Invalid CSR code, please check the related article.

Step 2. Domains

  Select the server type the certificate will be installed to.

  Check the domains (SANs) that will be secured by SSL and click Onward (otherwise, re-generate the CSR according to prompt messages and start the process again).

  You may add more domains using the plus button.

Step 3. Domain ownership

  Choose the domain control validation method for the reissue, either one of the approver email addresses or uploading a text file.

  Upload a file DCV method is not available for OV/EV certificates.

Step 4. Contacts

  Confirm or change administrative contact information.

Next steps

Here are your guides for validation with the Certificate Authority:

After this validation is completed, your Certificate will be issued by the CA and sent to your specified administrative email address. If you don’t receive it for some reason, you can always download the Certificate from your account.

Do not forget to install a new certificate on the server replacing the old one.