How to renew an SSL certificate?

Starting SSL renewal process
Renewing a PositiveSSL, EssentialSSL, PositiveSSL Wildcard, EssentialSSL Wildcard certificate
Renewing any other SSL certificate
Additional information

Starting SSL renewal process

Renewal of the certificate is available only within 30 days before its expiration.

Renewal notices are sent 30, 15, 7, 3 and 1 day before the certificate expiration.

Expired certificates cannot be renewed. In this case it is necessary to purchase a brand new certificate.

The certificate that is about to expire will have the status Due in the certificate list.

To purchase a renewal, click on the ‘Due’ status and select ‘Renew’ from the dropdown.


The certificate will be added to the shopping cart. Complete the checkout and follow these steps:

  • Click on your email address in the top right corner of the home page:


  • Locate the renewal certificate you have purchased, click on the ‘New’ status and choose ‘Activate’.
  • Locate the renewal certificate that has been purchased, click on the status ‘New’ and then on the ‘Activate’ button.


If you renew a PositiveSSL, EssentialSSL, PositiveSSL Wildcard, EssentialSSL Wildcard certificate:

Step 1. Save new key

You can download the key generated for the domain in your browser or submit a manually generated CSR.

Note: Both 'use browser to create files' and ' and 'create it on your server' options support IDNs with the following TLDs. Prefer pasting the IDN instead of typing to ensure further process goes smoothly.

To use the CSR generated in your browser:

  • Click on the ‘key’ button to save your private key generated for the entered domain.


  • Click ‘Almost there’ to proceed.

To use the CSR generated manually:

  • Click ‘create it on your server’.
  • Paste the generated CSR code to the ‘Paste CSR (command output)’ field. You may use one of the pre-generated commands that fit your server software (OpenSSL or Windows) to generate the CSR. Hover over the command and copy to use it on your server.
  • Click ‘Onwards’.


Step 2. Review


If you renew another SSL certificate:

  • Generate a new CSR code. You may request the CSR from your hosting provider or generate it yourself. Check our CSR generation instructions for reference.

Step 1. CSR info

  • Copy and paste the CSR code generated for the certificate renewal.


Step 2. Domains

  • Select the server type the certificate will be installed to.


  • Check the domains (SANs) that will be secured by SSL and click ‘Onward’ (otherwise, re-generate the CSR according to prompt messages and start the process again).


Step 3. Domain ownership

  • Choose the domain control validation method for the reissue, either one of the approver email addresses or uploading a text file.

‘Upload a file’ DCV method is not available for OV/EV certificates.


Step 4. Contacts

  • Confirm or change administrative contact information.


Additional information

After the renewal is submitted, you need to complete Domain Control Validation process to have the certificate issued.

OV and EV certificates will require additional company verification process.

If you need to change the DCV method, contact our Support team.

After the certificate is validated, the certificate files will be sent to the SSL administrative email.

Do not forget to install a new certificate on the server replacing the old one.