How to renew an SSL certificate?

PositiveSSL & EssentialSSL Certificate renewal
InstantSSL, PremiumSSL and EV SSL Certificate renewal
Multi-Domain Certificate renewal
Next steps

SSL Certificate Renewal becomes available in your Account from 30 days before its expiration. We’ll send you email reminders 30, 15, 7, 3 and 1 day before your Certificate expires, so you’ll have plenty of opportunity to renew.

Note: if Certificates are allowed to expire, they can’t be renewed. In this case you’d need to buy a brand new Certificate.

Let’s get started with your renewal:

In your Account panel, you’ll see the Renew button appear next to your Purchased certs list. Click on this button for the Certificate you want to renew first.

You’ll be directed to the checkout page to complete your repeat purchase.

Once done, go back to to the Purchased certs list in your Account and click the Activate button next to the Certificate you just renewed.

Your next steps will depend on the Certificate type you’ve renewed. Jump to the below section that applies.

Renewal for PositiveSSL, EssentialSSL, PositiveSSL Wildcard and EssentialSSL Wildcard

Step 1. Save new key

You have two options. Either download the new key automatically generated in your browser, or submit a manually generated CSR.

Note: both options support IDNs with the following TLDs. Paste in the IDN instead of typing it, to ensure no errors cause delays.

a) Automatic in-browser generator option:

Auto-activate is the default in your Account panel, after specifying the domain for your Certificate. Click on the key button to save your Private key for the renewal Certificate.

b) Submit manually generated CSR option:

To switch to using the CSR pre-generated on your server, or to receive a corresponding command to generate one, tick the Enter CSR field.

Note: you can select the encryption method and server type to receive the corresponding command in the CSR Command field.

The Private key is generated along with the CSR and should be stored on the server. The Private key code is required during the SSL installation, so keep it safe.
Paste the CSR code including —–BEGIN CERTIFICATE REQUEST—– and —–END CERTIFICATE REQUEST—– into the Enter CSR field.

Click Onwards.

Step 2. Review

Choose your preferred DCV method i.e. either upload your validation file or receive an email from the Certificate Authority.

Most people choose the email option. Verify that the email details for the certificate are correct, then click Submit.

Renewal for InstantSSL, EV SSL, InstantSSL Pro, PremiumSSL, PremiumSSL Wildcard

Step 1. Save new key

You have two options. Either download the new key automatically generated in your browser, or submit a manually generated CSR.

Note: both options support IDNs with the following TLDs. Paste in the IDN instead of typing it, to ensure no errors cause delays.

a) Automatic in-browser generator option:

Auto-activate is the default in your Account panel, after specifying the domain for your Certificate. Click on the key button to save your Private key for the renewal Certificate.

b) Submit manually generated CSR option:

To switch to using the CSR pre-generated on your server, or to receive a corresponding command to generate one, tick the Enter CSR field.

Note: you can select the encryption method and server type to receive the corresponding command in the CSR Command field.

The Private key is generated along with the CSR and should be stored on the server. The Private key code is required during the SSL installation, so keep it safe.

Paste the CSR code including —–BEGIN CERTIFICATE REQUEST—– and —–END CERTIFICATE REQUEST—– into the Enter CSR field.

Click Onwards.

Step 2. Pick company

To save you time, we will pre-fill the information from your previous Certificate. Simply make sure that the details are correct, and appear as listed in government or business directories (Yellow pages, Dun & Bradstreet etc).

Step 3. Review & Submit

Verify that the company details you submitted are correct.

Choose your preferred DCV method i.e. either upload your validation file or receive an email from the Certificate Authority.

Most people choose the email option. Verify that the email details for the certificate are correct, then in your Account panel click Submit.

 After the activation is complete, proceed with the validation steps.

Renewal for Multi-Domain Certificates

You’ll need a new CSR code. You can request the CSR from your hosting provider, or generate it yourself. View our CSR generation instructions for more guidance.

Step 1. CSR info

Copy and paste the CSR code you’ve generated for the Certificate renewal.

 If you get an error message, view this related article for further guidance.

Step 2. Domains

Select the server type you will install your renewed the certificate on.

Check the domains (SANs) that will get SSL encryption, and click Onward.

Alternatively, if there’s an issue, re-generate the CSR according to the prompt messages and try again.

You can easily add more domains using the plus button.

Step 3. Domain ownership

Choose the Domain Control Validation (DCV) method for this renewal. It will be either one of the approver email addresses, or by uploading a text file.

Note: the file upload DCV method is not available for OV/EV certificates.

Step 4. Contacts

Confirm or change your administrative contact information.

Next steps

These guides will take you through validation with the Certificate Authority:

  1. You’ll complete the Domain Control Validation (DCV) process to have your Certificate issued.
  2. OV and EV Certificates require an additional company verification process.

Note: You can use Sectigo online order management tool to influence your certificate validation.

After validation is completed, your Certificate will be issued by the CA and sent to your specified administrative email address. If you don’t receive it for some reason, you can always download the Certificate from your account.

Note: don’t forget to install your renewed Certificate on the server to replace the old one.