Loading...Everything you need to know to renew SSL certificate!
When and How Do I Renew My SSL Certificate?
You can renew an SSL certificate up to 30 days before its expiry date.
Ideally, you should buy, generate a certificate signing request (CSR), complete the SSL validation process, and install the new SSL certificate before the expiry date. So, as soon as your old certificate expires, it will be replaced by the new certificate automatically.
Technically, as soon as the CA issues/renews the certificate, it becomes activate. Now, there will be two SSL certificates existing on your server simultaneously. But this is normal and doesn’t cause any problems.
If I Renew Early, Will I Lose the Time Remaining in My Current SSL Certificate?
No — at least not with Sectigo! We will compensate for the time remaining on your current Sectigo SSL for FREE. For example, if your current Sectigo SSL certificate will expire within 30 days, Sectigo will issue you a new SSL for up to 13 months — 12 months of original contract + as many days remaining on your original certificate.
Can I Change the Certificate Authority During the SSL Renewal Process?
Of course! Anytime! No matter which brand’s SSL certificate you’re using, you can change your certificate authority (CA) to Sectigo (formerly Comodo CA) anytime.
At Sectigo.com, we offer the best deals, generous warranties, industry-standard encryption, prompt customer service, and eye-catching trust logos. By the way, we’ve made all the site seals (trust logos) dynamic, even for domain validation (DV) SSL certificates!
Shop for Sectigo SSL Certificates and Save 87%What Are the Advantages of Early SSL Renewals?
Generally, browsers go crazy if they see any security-related problems — especially SSL-related issues. If there is a time-lapse between the expiry of the old SSL and activation of the new SSL, browsers will show a security warning page with “SEC_ERROR_EXPIRED_CERTIFICATE” error when someone tries to visit your website. Such warning pages will will drive away your website visitors and negatively impact your hard-earned reputation.
As you know, generating the CSR, undergoing validation, and installing a certificate are always time-consuming processes. If you have an organization validation (OV) or extended validation (EV) SSL certificate, it can be as lengthy as five business days if the CA finds any issues in validating your organization’s details. When you renew your SSL early, you will have enough time to go through all of these procedures without risking site downtime or outages.
Sometimes, website owners take SSL renewals quite lightly and then miss the expiry date with such a negligent attitude. See the latest example. More than 80 .gov websites’ SSL/TLS Certificates expired during the most recent US government shutdown. In May 2019, LinkedIn missed renewing its SSL certificate!
But do you know how much a simple act of such procrastination costs? According to a report, it costs an average of $11.1M/year to companies for unplanned certificate expiration.
Image courtesy: The SSL STORE
You can avoid the last-minute rush and save your website from showing a pesky warning to your users.
Plus, you’re not losing anything if you renew early. In fact, Sectigo will compensate for the time remaining in your current SSL for FREE. So, renew your SSL ASAP.
Shop for Sectigo Multi-Domain SSL Certificates and Save 79%What Are the Disadvantages of Renewing My SSL Certificate Early?
People are reluctant to renew their SSL certificate before time because some CAs charge unreasonably higher renewal rates. This price is substantially higher than the rates they charge to new customers. Plus, the existing customers are not allowed to take advantage of ongoing discounts and deals that are available to new customers. Some hosting companies are infamous for giving free SSL for a year and then charging significantly higher rates, for both their hosting contract and the SSL certificate. But the good news is, with Sectigo, you don’t have to face such discrimination.
We value our loyal customers; you’ll get your SSL certificate at the same rate as it is available to new customers. You will get the benefit of all the ongoing coupons and deals at the time of renewals. In fact, we send extra discount coupons when we send renewal reminder emails to our current customers!
Shop for Sectigo Wildcard SSL Certificates and Save 79%Do I Need to Generate a CSR Again?
No, you usually do not need to generate a new CSR if you still have the original private key to match. If you have lost the private key, or if your server or host requires a new certificate request any time you renew, then you’ll need to generate a new CSR.
How Do I Renew My SSL Certificate?
Step 1: If you are an existing customer, log in to your account. If your certificate will expire within 30 days, you will see renewal option besides the SSL certificate options. If you are a new customer, after selecting the right SSL certificate, instead of clicking on “Add to Cart” click on “Renew Now.” See the screenshot below.
Step 2: Fill out the form and make your payment.
Step 3: Generate the CSR.
Step 4: Send the CSR code (public keys) to the certificate authority. You’ll get a link in the email and instructions on how to send CSR to certificate authority.
Step 5: Complete the validation and installation processes.
Can I Change and/or Upgrade the SSL Certificate’s Type at the Time of Renewal?
Yes! Of course!
Whether you are an existing customer or a new one, you can anytime change the type of certificate you’re currently using during the SSL renewal process. You can upgrade to organization validation (OV), extended validation (EV), wildcard SSL (for subdomains), multi domain SSL, or multi domain wildcard SSL.
Just select the SSL certificate of your choice, and instead of clicking on “Add to Cart,” click on “Renew Now.”
Note: If you’re an existing customer, first log in to your account and then select the right certificate from our broad range of SSL certificates.
How Can I Upgrade My SSL Certificate from DV to OV/EV?
Select the OV/EV SSL certificate of your choice and click on “Renew Now” (Instead of clicking on “Add to Cart”).
Generate the CSR and send the CSR code to the certificate authority.
The CA will ask you to provide some of the following information:
- details of the physical address of your business,
- phone number,
- official registration documents,
- license number,
- legal opinion letter,
- Dun & Bradstreet credit report.
Once the CA completes the validation process, they will issue your certificate. You will get the file in an email.
How Much Time Does It Take to Get My Certificate Renewed?
The issuance time for an SSL certificate depends upon the validation level and certificate authority of your certificate.
| Renewal Conditions | Renewal Time |
|---|---|
| Keeping the same DV SSL. (Current SSL-DV, Renewed SSL-DV) | Just in minutes |
| Upgrading from DV to OV/EV | OV: 1-3 days EV: 1-5 days |
| Renewing Sectigo to Sectigo Or Renewing Comodo to Sectigo | Quicker than the first-time issuance. Sectigo will send you the information you provided at the you purchased your existing SSL certificate to revalidate. Confirm the validity of the old information or, if there are any changes, update the info. It would be much faster than the initial OV or EV validation process. |
| Changing certificate authority (Brand) | DV: Within minutes OV: 1-3 Days EV: 3-5 Days |
Can I Get the SSL For More Than 1 Year So That I Don’t Need to Renew it Frequently?
No. SSL certificates will expire, for a couple good reasons, of course:
Technological Upgrades: SSL certificates use the secure hashing algorithm (SHA). It keeps on upgrading with strong and longer encryption keys. The reason certificate authorities keep updating the hashing technology is that the old ones become vulnerable to cyber attacks with passing the time. So, every time you renew, you will get the new SSL with upgraded technology.
Changes: If there are changes in domain authority or company details, people are not quick to inform the certificate authority (CA) right away. In the case of EV or OV SSL certificates, the CA has to maintain live information on the certificate and site seals. When they show obsolete details, it harms the organization and the CA’s reputation. When you renew your SSL certificate, you get a chance to update all the changes that took place over the last year or two.
Suppose a business is shut down and the domain is sold to someone else. What if the new owner is a hacker running spammy/phishing site? If the SSL certificate doesn’t expire, it might keep protecting the domain, assuming that it still belongs to the previous owner. In such cases, people will not be able to trust SSL certificates anymore. That’s why SSL renewals are necessary so that the CAs can keep an eye on the authentication of the domain and the business.