Renew an SSL/TLS certificate

SSL/TLS certificate renewal made easy

Need to renew your DigiCert SSL/TLS certificate? Follow the steps below to renew your certificate. See the FAQ section for more information.

Step 1: Generate CSR

Best practices are to generate a new certificate signing request (CSR) when renewing your SSL certificate. For more information about creating a CSR, see our Create a CSR page.

Step 2: Sign in to your account

Sign in to CertCentral (or your DigiCert management console).

Step 3: Fill out the renewal form

Fill out the certificate renewal order form. Note that after you submit the renewal order, DigiCert will perform a quick cross-check verification. If your organization’s information was changed in the CSR, you may need to provide new documentation to verify the changes.

CertCentral

In the sidebar menu, click Certificates > Expiring Certificates. On the Expiring Certificates page, next to the certificate that needs to be renewed, click Renew Now. Note that a certificate does not appear on the Expiring Certificates page until 90 days before it expires.

DigiCert Management Console

On the My Orders tab, click the '+' icon next to the certificate you want to renew and then click Renew. Note that the renew option is not available until 90 days before the certificate expires.

Step 4: DigiCert issues the SSL/TLS certificate

Once approved, we issue and send the renewed certificate to the certificate contact in an email. You can also download the renewed certificate from your account (CertCentral or DigiCert Management Console).

Step 5: Install your renewed SSL/TLS certificate

On the server, install and configure the new certificate. For more information about installing your certificate, see our SSL Certificate Installation Instructions & Tutorials page.

SSL/TLS Renewal instructions

The renewal process for some servers is slightly different than the instructions listed above. See the links below for specific operating system/server instructions.

We also recommend that you use the free DigiCert SSL Utility for Windows which has an easy CSR generator feature.

Renewal FAQ

Q: Why do I need to install a new certificate if I'm only renewing my existing certificate?

Answer: Technically, when you renew a certificate, you are purchasing a new certificate for the domain and company.

Technically, when you renew a certificate, you are purchasing a new certificate for the domain and company. Industry standards require Certificate Authorities to hard code the expiration date into the certificates. When a certificate expires, it is no longer valid and there is no way to extend its life. So, when you "renew" your certificate, DigiCert must issue a new one to replace the expiring one, and you must install the new certificate on your server.

To make renewing a certificate easier, DigiCert automatically includes the information from the expiring certificate in our renewal wizard. However, because you're ordering a new certificate, you can update any of the information during the order process, if needed. Note that if you change any of your organization’s information (location, etc.) you may need to provide new validation documentation to verify the changes. You should also change the organization information in the CSR.

Q: Do I need to create a new CSR when I renew my SSL/TLS certificate?

Answer: Best practices are to generate a new CSR.

Best practices are to generate a new CSR when you renew you SSL/TLS certificate. For more information, see Create a CSR. If you have a Windows server you can use the free DigiCert Certificate Utility for Windows which has an easy CSR generator for Windows servers.