Reissue an SSL/TLS certificate

All DigiCert certificates come with unlimited free reissues. The list below includes some reasons for reissuing a certificate.

  • Lost the private key and want to re-key the certificate.
  • Need to change the common name on the certificate (for example, you want to remove example.com and add yourdomain.com).
  • Need to add, remove, or change some of the SANs listed in the certificate.

The certificate reissue process allows you to modify an issued certificate. Some modifications allow you to build upon the original certificate, resulting in two or more versions of that certificate. For example, when reissuing a certificate, you can add domains to the original certificate. Adding domains to a certificate doesn’t revoke the original certificate.

Other modifications allow you to create a new version of the certificate and require DigiCert to revoke the original certificate and any certificate reissues and duplicates. For example, removing SANs or changing SANs on a multi-domain certificate creates a new version of the certificate and revokes the original certificate and any previous reissues and duplicate copies.

Reissue certificate

To reissue your DigiCert SSL/TLS certificate, follow the steps below.

Step 1: Generate CSR

To reissue an SSL/TLS certificate, you’ll need to generate a new CSR. For more information about creating a CSR, see our Create a CSR (Certificate Signing Request) page.

Step 2: Sign in to your account

Sign in to CertCentral.

Step 3: Fill out the reissue form

Fill out the certificate reissue request form and modify the certificate as needed.

In the sidebar menu, click Certificates > Orders. On the Orders page, click the Order # of the certificate that needs to be reissued. On the certificate's Order # details page, in the Certificate Actions dropdown, click Reissue Certificate.

Depending on the changes you make, the original certificate and previous versions (reissues and duplicates) may need to be revoked. However, if a change requires revocation, we will notify you before you submit the reissue request.

If certificate revocations are required, after reissuing your certificate, DigiCert waits 48 – 72 hours before revoking the original certificate and any existing duplicates and reissues.

(Source: CertCentral ressiue SSL certificate)

Step 4: Complete domain control validation (DCV)

If you added any new, unvalidated domains to the certificate reissue request (common name or SANs), you’ll need to demonstrate control over those domains before DigiCert can reissue the certificate. See Demonstrate control over domains on a pending certificate order.

Step 5: DigiCert reissues the SSL/TLS certificate

Once approved, we reissue and send the reissued certificate to the certificate contact in an email. You can also download the reissued certificate from your account. See Download a certificate from your account.

Step 6: Install your reissued SSL/TLS certificate

Install and configure the new certificate. For more information about installing your certificate, see our SSL Certificate Installation Instructions & Tutorials page.

If certificate revocations are required, you have 48 – 72 hours from the time your certificate is reissued to replace any soon-to-be revoked certificates.