Industry standards change: End of 2-year public SSL/TLS certificates
On August 27, 2020, 6:00 PM MDT (August 28 00:00 UTC), DigiCert stopped issuing public DV, OV, and EV SSL/TLS certificates with a maximum validity greater than 397 days. This change may affect your early certificate renewals.
You can still renew a certificate order as early as 90 days to 1 day before it expires. When you renew, DigiCert transfers as much remaining validity as possible to the renewed certificate without exceeding the new 397-day maximum certificate validity. Any validity that we cannot transfer directly to the certificate is transferred to your order. To learn more, see End of 2-year DV, OV, and EV public SSL/TLS certificates.
Need to renew your DigiCert SSL/TLS certificate? Follow the steps below to renew your certificate. See the FAQ section for more information.
To renew an SSL/TLS certificate, you’ll need to generate a new CSR. For more information about creating a CSR, see our Create a CSR (Certificate Signing Request) page.
Best practices are to generate a new certificate signing request (CSR) when renewing your SSL/TLS certificate. Generating a new CSR creates a new, unique keypair (public/private) for the renewed certificate.
Sign in to your CertCentral account.
Fill out the certificate renewal order form.
Note: After you submit the renewal order, DigiCert will perform a quick cross-check verification. If your organization’s information was changed in the CSR, you may need to provide new documentation to verify the changes.
A certificate doesn't appear on the Expiring Certificates page until 90 days before it expires.
Once approved, we issue and send the renewed certificate to the certificate contact via email. You can also download the renewed certificate in your CertCentral account.
On the server, install and configure the new certificate. For more information about installing your certificate, see our SSL Certificate Installation Instructions & Tutorials page.
The renewal process, for some servers, is slightly different than the instructions listed above. See the links below for specific operating system/server instructions.
Technically, when you renew a certificate, you are purchasing a new certificate for the domain and company. Industry standards require Certificate Authorities to hard code the expiration date into certificates. When a certificate expires, it is no longer valid and there is no way to extend its life. So, when you "renew" your certificate, DigiCert must issue a new one to replace the expiring one, and you must install the new certificate on your server.
To make renewing a certificate easier, DigiCert automatically includes the information from the expiring certificate in our renewal wizard. However, because you're ordering a new certificate, you can update any of the information during the order process, if needed.
Note: If you change any of your organization’s information (location, etc.) you may need to provide new validation documentation to verify the changes. You should also change the organization information in the CSR.
Best practices are to generate a new certificate signing request (CSR) when renewing your SSL/TLS certificate. Generating a new CSR creates a new unique keypair (public/private) for the renewed certificate.
For more information, see Create a CSR.