Skip to main content

Renew a GeoTrust Cloud DV certificate


Industry standards change: End of 2-year public SSL/TLS certificates

On August 27, 2020, DigiCert stopped issuing public DV, OV, and EV SSL/TLS certificates with a maximum validity greater than 397 days. This change may affect your early certificate renewals.

You can still renew a certificate order as early as 90 days to 1 day before it expires. When you renew, DigiCert transfers as much remaining validity as possible to the renewed certificate without exceeding the new 397-day maximum certificate validity. Any validity that we cannot transfer directly to the certificate is transferred to your order. To learn more, see End of 2-year DV, OV, and EV public SSL/TLS certificates.

Before you begin

GeoTrust Cloud DV certificates use Subject Alternative Names (SANs) to let you secure multiple domains ( and wildcard domains (* with one certificate. Adding SANs to a renewal order for a GeoTrust Cloud DV certificate order may incur additional cost.

Renew your GeoTrust Cloud DV certificate

  1. Create a CSR. This is required to complete the renewal order. To remain secure, certificates must use at least a 2048-bit key size. See Create a CSR (Certificate Signing Request).

  2. Locate the certificate order.

    1. In your CertCentral account, in the left main menu, go to Certificates > Orders.

    2. On the Orders page, use the dropdown lists, search box, advanced search features (Show advanced search link), and column headers to find the certificate that needs to be renewed.

    3. In the certificate's Order # column, select Quick view.

    4. In the Order # details panel (on the right side of the page), select Renew certificate.

  3. Add your CSR. On the Renew GeoTrust Cloud DV Order page, use one of the options below to add your CSR:

    • Upload: Use this link to upload your CSR file to the Add your CSR box.

    • Paste: Use a text editor to open your CSR file. Copy the text, including the -----BEGIN NEW CERTIFICATE REQUEST----- and -----END NEW CERTIFICATE REQUEST----- tags, and paste it in to the Add your CSR box.

  4. Add, remove, or reorder SANs as needed. The SANs can be domains ([]) and wildcard domains (*.[yourdomain].com). We carry over the common name and any subject alternative names (SANs) from the original certificate and add it to the Common name / SANs field.


    Adding SANs to a GeoTrust DV certificate order may incur additional costs.

  5. Select a coverage length. With a 1-year plan, you get a 1-year certificate by default. With longer plans, your first certificate has a 397-day validity by default. See Multi-year Plans.

  6. Set a validity period for the first SSL/TLS certificate in your order. Choose 1 year, Custom expiration date, or Custom length.

    • Industry standards dictate that the maximum validity period for all public SSL/TLS certificates is 397 days (approximately 13 months).

    • For a certificate with a shorter validity than the order, you will need to reissue your certificate to use the remaining validity on the order.

    • Certificate validity determines the length of the first certificate issued for the plan. If needed, you can change the validity period each time you reissue your certificate.

  7. Set advanced options. SHA-256 is the only hash algorithm available for DV certificates.

  8. Select a DCV method to prove control of your domain. Before DigiCert can issue your DV certificate, you must demonstrate control over the domain on your certificate order. To learn more about the available methods, see Domain Control Validation (DCV) Methods.

    In the DCV verification method dropdown list, choose the method you want to use for the domain on the certificate order.

    • DNS TXT (recommended)

      Demonstrate control over the domain on your order by creating a DNS TXT record with a randomly generated value.

    • Email

      Demonstrate control over the domain by following the instructions in a confirmation email sent for the domain.

    • File

      Demonstrate control over your domain by hosting a fileauth.txt file with a randomly generated value at a predetermined location on your website.

    After submitting your certificate order, you can change the DCV method from the certificate's Order # details page, if needed.

    In the sidebar menu, click Certificates > Orders. On the Orders page, in the Order # column of the DV certificate order, click the order number link.

  9. Select the language for the DCV email. Did you choose to validate your domain using email? This dropdown will appear to allow you to select a language.

  10. Add a technical contact. This is optional. However, we recommend adding another person who will receive order emails, including the one with the certificate attached, as well as renewal notifications.

    1. In the Order details section, under Contacts, in the Technical contact box, select Add contact.

    2. In the Add Contact window, provide the contact’s information (first and last name, job title, phone, and email). Select Submit.

  11. Add notes and a renewal message. These are optional and are not included in the certificate.

    1. Expand Notes / Renewal message.

    2. Comments to administrator: Add a note to the order only an administrator can see (for example, the reason the certificate was needed).

    3. Order-specific renewal message

  12. Select a payment method.

    • Pay with contract terms: This is the default payment method for customers with contracts.

    • Pay with credit card

    • Pay with account balance: To deposit funds, select Deposit.


      The Deposit link takes you to another page in your CertCentral account. Any information entered in the request form won't be saved.

  13. Read the agreement and check I agree to the Certificate Service Agreement.

  14. Select Submit certificate request.

What's next

Before we can issue your certificate, the domain validation for the domains on the order (demonstrate control over the domain) must be completed. See Demonstrate control over domains on your SSL certificate order.