How to renew an SSL certificate?

PositiveSSL & EssentialSSL Certificates renewal
InstantSSL, PremiumSSL and EV SSL Certificates renewal
Multi-Domain Certificates renewal
Further steps

Renewal of the certificate is available only within 30 days before its expiration.

Renewal notices are sent 30, 15, 7, 3 and 1 day before the certificate expiration.

Expired certificates cannot be renewed. In this case it is necessary to purchase a brand new certificate.

The certificate that is about to expire will have the status Due in the certificate list.

To purchase a renewal, click on the Due status and select Renew from the dropdown.

renew_1.png

The certificate will be added to the shopping cart. Complete the checkout and follow these steps:

  • Click on your email address in the top right corner of the home page:

renew_2.png

  • Locate the renewal certificate you have purchased, click on the New status and choose Activate.
  • Locate the renewal certificate that has been purchased, click on the status New and then on the Activate button.

renew_3.png

 

PositiveSSL, EssentialSSL, PositiveSSL Wildcard and EssentialSSL Wildcard renewal process:

Step 1. Save new key

You can download the new key generated in your browser or submit a manually generated CSR.

Note: Both options support IDNs with the following TLDs. Prefer pasting the IDN instead of typing to ensure further process goes smoothly.

  • Auto-activate, the in-browser generator option, is a default one on the next step after specifying the domain for the certificate. If it’s the option you use, click on the key button to save the Private key for the renewal certificate.

auto-csr_1.png

  • To switch to using the CSR pre-generated on your server or to receive a corresponding command to generate one, tick the Enter CSR option.

auto_csr_2.png

Note: You can select the encryption method and server type to receive the corresponding command in the CSR Command field.

Note: The Private key is generated along with CSR and should be kept on the server. The Private key code is required during the SSL installation.

  • Paste the CSR code including -----BEGIN CERTIFICATE REQUEST----- and -----END CERTIFICATE REQUEST----- to the Enter CSR field.
  • Click Onwards.

Step 2. Review

renew_6.png

 

InstantSSL, EV SSL, InstantSSL Pro, PremiumSSL, PremiumSSL Wildcard and EV Multi-Domain renewal process:

Step 1. Save new key

You can download the new key generated in your browser or submit a manually generated CSR.

Note: Both options support IDNs with the following TLDs. Prefer pasting the IDN instead of typing to ensure further process goes smoothly.

  • Auto-activate, the in-browser generator option, is a default one on the next step after specifying the domain for the certificate. If it’s the option you use, click on the key button to save the Private key for the renewal certificate.

auto-csr_1.png

  • To switch to using the CSR pre-generated on your server or to receive a corresponding command to generate one, tick the Enter CSR option.

auto_csr_2.png

Note: You can select the encryption method and server type to receive the corresponding command in the CSR Command field.

Note: The Private key is generated along with CSR and should be kept on the server. The Private key code is required during the SSL installation.

  • Paste the CSR code including -----BEGIN CERTIFICATE REQUEST----- and -----END CERTIFICATE REQUEST----- to the Enter CSR field.
  • Click Onwards.

Step 2. Pick company

We will pre-fill the information from the previous certificate. Make sure that the details are correct and appear as they are in the governmental or business directories such as (Yellow pages, Duns & Bradstreet etc.).

pick_company.png

Step 4. Review & Submit

reissue_review_details.png

After the activation is done, proceed with validation.

 

For Multi-Domain certificates, please follow these steps:

Generate a new CSR code. You may request the CSR from your hosting provider or generate it yourself. Check our CSR generation instructions for reference.

Step 1. CSR info

  • Copy and paste the CSR code generated for the certificate renewal.

renew_7.png

If you receive an error message regarding the CSR code parsing or Invalid CSR code, please check the related article.

Step 2. Domains

  • Select the server type the certificate will be installed to.

renew_8.png

  • Check the domains (SANs) that will be secured by SSL and click Onward (otherwise, re-generate the CSR according to prompt messages and start the process again).
  • You may add more domains using the plus button.

add_sans.png

Step 3. Domain ownership

  • Choose the domain control validation method for the reissue, either one of the approver email addresses or uploading a text file.

Upload a file DCV method is not available for OV/EV certificates.

renew_10.png

Step 4. Contacts

  • Confirm or change administrative contact information.

renew_11.png

 

Further steps

After the renewal is submitted, you need to complete Domain Control Validation process to have the certificate issued.

OV and EV certificates will require additional company verification process.

In order to change the selected DCV method or force HTTP/DNS check, use Comodo Order Status panel or contact SSLs.com Support.

After the certificate is validated, the certificate files will be sent to the SSL administrative email.

Do not forget to install a new certificate on the server replacing the old one.