How to renew an SSL certificate?

PositiveSSL & EssentialSSL Certificate renewal
InstantSSL, PremiumSSL and EV SSL Certificate renewal
Multi-Domain Certificate renewal
Next steps

SSL Certificate Renewal becomes available in your Account from 30 days before its expiration. We’ll send you email reminders 30, 15, 7, 3 and 1 day before your Certificate expires, so you’ll have plenty of opportunity to renew.

Note: if Certificates are allowed to expire, they can’t be renewed. In this case you’d need to buy a brand new Certificate.

Let’s get started with your renewal:

In your Account panel, click My SSL at the upper right corner. On the next page, use the Renew button next to the Certificate in question to initiate the renewal process.

You’ll be directed to the checkout page to complete your repeat purchase.

Once done, go back to to the My SSL list in your Account and click the Activate button next to the renewal Certificate you’ve just ordered.

Your next steps will depend on the Certificate type you’ve renewed. Jump to the below section that applies.

Renewal for PositiveSSL, EssentialSSL, PositiveSSL Wildcard and EssentialSSL Wildcard

Step 1. Save new key

You have two options. Either download the new key automatically generated in your browser, or submit a manually generated CSR.

Note: both options support IDNs with the following TLDs. Paste in the IDN instead of typing it, to ensure no errors cause delays.

a) Create CSR in-browser

This is a default option in your Account panel, after specifying the domain for your Certificate. Click Save Key to download the Private key for your renewal Certificate.

 

Keep in mind that by default, the Private key will be saved to the “Downloads” folder on your computer. So, ensure to keep it safe and not to remove accidentally when clearing up your downloads.

b) Manual CSR Option

To switch to using the CSR pre-generated on your server, or to receive a corresponding command to generate one, tick the Enter CSR field.

Note: you can select the encryption method and server type to receive the corresponding command in the Create CSR in a command line field.

The Private key is generated along with the CSR and should be stored on the server. The Private key code is required during the SSL installation, so keep it safe.
Paste the CSR code including —–BEGIN CERTIFICATE REQUEST—– and —–END CERTIFICATE REQUEST—– into the Enter CSR field.

 

Click Onwards.

Step 2. Confirm domain

Choose your preferred DCV method i.e. either upload your validation file or receive an email from the Certificate Authority.

Most people choose the email option. Verify that the email details for the certificate are correct, then click Submit.

 

Renewal for InstantSSL, EV SSL, InstantSSL Pro, PremiumSSL, PremiumSSL Wildcard

Step 1. Save new key

You have two options. Either download the new key automatically generated in your browser, or submit a manually generated CSR.

Note: both options support IDNs with the following TLDs. Paste in the IDN instead of typing it, to ensure no errors cause delays.

a) Create CSR in-browser

This is a default option in your Account panel, after specifying the domain for your Certificate. Click Save Key to download the Private key for your renewal Certificate.

Keep in mind that by default, the Private key will be saved to the “Downloads” folder on your computer. So, ensure to keep it safe and not to remove accidentally when clearing up your downloads.

b) Manual CSR Option

To switch to using the CSR pre-generated on your server, or to receive a corresponding command to generate one, tick the Enter CSR field.

Note: you can select the encryption method and server type to receive the corresponding command in the Create CSR in a command line field.

The Private key is generated along with the CSR and should be stored on the server. The Private key code is required during the SSL installation, so keep it safe.
Paste the CSR code including —–BEGIN CERTIFICATE REQUEST—– and —–END CERTIFICATE REQUEST—– into the Enter CSR field.

Click Onwards.

Step 2. Pick company

To save you time, we will pre-fill the information from your previous Certificate. Simply make sure that the details are correct, and appear as listed in government or business directories (Yellow pages, Dun & Bradstreet etc).

 

Step 3. Review & Submit

Verify that the company details you submitted are correct.

Choose your preferred DCV method i.e. either upload your validation file or receive an email from the Certificate Authority.

Most people choose the email option. Verify that the email details for the certificate are correct, then in your Account panel click Submit.

 

 After the activation is complete, proceed with the validation steps.

Renewal for Multi-Domain Certificates

You’ll need a new CSR code. You can request the CSR from your hosting provider, or generate it yourself. View our CSR generation instructions for more guidance.

Step 1. CSR info

Copy and paste the CSR code you’ve generated for the Certificate renewal.

 

 If you get an error message, view this related article for further guidance.

Step 2. Domains

Select the server type you will install your renewed the certificate on.

 

Check the domains (SANs) that will get SSL encryption, and click Onward.

Alternatively, if there’s an issue, re-generate the CSR according to the prompt messages and try again.

You can easily add more domains using the plus button.

 

Step 3. Confirm domain

Choose the Domain Control Validation (DCV) method for this renewal. It will be either one of the approver email addresses, or by uploading a text file.

Note: the file upload DCV method is not available for OV/EV certificates.

 

Step 4. Contacts

Confirm or change your administrative contact information.

 

Next steps

These guides will take you through validation with the Certificate Authority:

  1. You’ll complete the Domain Control Validation (DCV) process to have your Certificate issued.
  2. OV and EV Certificates require an additional company verification process.

Note: You can use Sectigo Order Status Checker to influence your certificate validation.

After validation is completed, your Certificate will be issued by the CA and sent to your specified administrative email address. If you don’t receive it for some reason, you can always download the Certificate from your account.

Note: don’t forget to install your renewed Certificate on the server to replace the old one.