Replace a certificate

Certificate replacement allows you to replace your third-party certificate automatically or manually with a DigiCert certificate.

You can also replace your certificate when:

  • You lost your certificate's private key and want to get new keys.

  • You want to change or add SANs to your certificate.

  • You want to fix any compliance issues associated with the certificate.

You can either replace a certificate manually or set up automation so that it is replaced automatically.

To see available certificate actions, go to Discovery > View Results.

Automated certificate replacement

The auto-replace feature is integrated with the automation service. It checks whether any automation setups are available for matching IPs/ports or certificates and automatically replaces them.

To submit an auto-replace request:

  1. Identify the certificate or endpoint you want to replace.

  2. From the actions dropdown, select either "Reissue" or "Replace with DigiCert".

  3. Select the automated replacement option to continue.

For more information on setting up automation, see Managed automation workflow.

The certificate installation starts immediately. If an automation setup is already configured, you are taken to the Manage automation page.


You can manually replace your certificate if your certificate host is not configured for automation.

Replace on revoke

Replace your certificate if it is revoked or missing.

On the Automation > Manage profiles page:

  1. Find and click the name of the automation profile.

  2. Select Auto-renew and install certificate.

  3. Enable the "Auto-replace this certificate if revoked or missing" option.

  4. Select Save.

The Discovery service monitors certificates by doing daily revocation checks. If a revoked certificate is found, this configuration ensures the revoked certificate is automatically replaced by a new one.


Use Discovery to Set up and run a scan. This will discover the revoked or missing certificate on the host.