How do I reissue my SSL certificate?

Before starting a reissue, you will need to generate a brand new CSR/RSA pair and save your RSA for further installation.

If you are not able to generate a CSR yourself for some reason, please ask your web hosting provider to do this for you.

Once you have a new CSR, you may proceed with the next step. Reissuance is completely free of charge, unless you are adding SAN names to a Multi-Domain certificate with a reissue.

Note: Starting May 3, 2016, Comodo certificates can be reissued for any Common Name at no additional cost.

If you are reissuing an OV/EV SSL, use the same contact information that you used originally, unless you are reissuing the certificate to change this information. This will save you some time during reissuance.

Now that you’re aware of all the main points during reissue, we may proceed.

  1. Log into your Namecheap account and proceed to the Domain list section:

    domainlist

    Here you can see all the domain names and services assigned to them, including SSL certificates. Please make sure you have the filter 'All Products' enabled in the Domain list.

  2. Click on the caret to expand the list of services associated with the domain name, locate the SSL certificate you would like to reissue and click on the Manage button:

    reissue2.png

  3. You will see all the details about your active SSL certificate. To start the reissuance, click on the arrow-down near the See Details button and then select Reissue:
    reissue3.png


         reissue4.png

    We recommend that you download the existing issued SSL certificate and save it prior to starting the reissue.

  4. As soon as you click on Reissue, you will see this notification:

    reissue5.png

  5. All other steps are the same as during the initial SSL certificate activation.

    You will need to paste your CSR along with

    -----BEGIN CERTIFICATE REQUEST-----
    and
    -----END CERTIFICATE REQUEST----- tags.

    As soon as the CSR code is pasted, you will see that the domain name will be fetched into the “Primary domain” section. Also, you will be notified if the Common Name in your CSR is different from the one the initial certificate was issued for.

    revoknotice

    The Web-Server option offers you to choose between Apache and IIS/Tomcat servers. If you have a Linux-based server different from Apache, you still can select Apache, because the SSL certificate file format will be applicable for your server as well.

    newact2

  6. The next step is to select the Domain Control Validation (DCV) method to confirm the domain ownership.

    newact3

    If the initial SSL certificate issuance was confirmed via email, this option will be set as default during the reissue, but you can go ahead and change it to the HTTP-based or DNS-based method.


    When the HTTP-based validation method is selected, you will be provided with a text file upon the SSL certificate reissue. It has to be uploaded into a particular directory of your website (/.well-known/pki-validation/) so that it can be accessible via http://fully.qualified.name/.well-known/pki-validation/

    NB: If you have activated the certificate with domain.com or www.domain.com indicated as FQDN in your CSR code, please make sure that the file is available via http://domain.com/.well-known/pki-validation/file.txt . In this case, www.domain.com is considered to be under your control as well.

    Content of the file shouldn't be changed in any way, as Comodo validation system is case sensitive.

    If you decided to go ahead with the DNS-based validation, you will need to create a CNAME record in your domain host records. You will be provided with the the record as soon as the reissue process is completed in your Namecheap account.

  7. The Next button will lead you to the page with administrative details/contact email address:

    • for the DV certificate you will just need to confirm the admin email address shown on the page

      newact4

      Note that the administrative contact email section is greyed out, and the new email address cannot be entered. The reissued data will always come through to the email address you registered with originally. This cannot be changed. If you no longer have access to this email address, contact our support team.

    • For the OV certificate, the following contact page will get shown:

      The sections ‘Company’ and ‘Legal address’ require providing your company name and its physical address. The registration number can be provided as well, though, it is optional.

      The section ‘Representative’ is needed for the callback verification step. It is necessary to specify the first and last name of the person who will receive the callback email and proceed with the call. Usually, it should be a member for the company applied for the certificate. The phone number for the form should be a company one as well. Comodo will need to locate it in the online database along with the company details and verify.

      Note! Please keep in mind that the company details for OV/EV certificates can be changed during reissue only within 45 days since the certificate issuance. If you try to change the company details for the certificate that is issued more than 45 days ago, the reissue process will most likely result in error.

    • For the EV certificate, the contact page will be the following:

      The ‘Company’ section requires legal company name specified. Additional fields are Doing business as (DBA name) and Company registration number.

      The section ‘Legal address’ is for providing physical address of the company.

  8. The last step will summarize the actions one needs to perform to complete domain control validation:

    newact5

    Almost the same message will be displayed if the email or DNS-based validation method is selected. Click “Confirm” to submit the reissue.

  9. Now your SSL certificate information page will look like this:

    reissue13.png

    Here you can change the method to complete validation:

    reissue14.png

    You can select between  the email, HTTP-based and DNS-based validation methods.

    The approver email is to be delivered to the approver address shortly after you finish activation. If you do not receive the email in 2 hours, please refer to the instructions provided in the What should I do if approval email was not delivered? article. When you confirm the issuance by following the link in the approver email, you should receive the signed certificate to the administrative email address you indicated during activation.

    The situation is the same for HTTP-based and DNS-based validation. After the file is uploaded or the record is created, the certificate should be validated and issued within 2 hours.

    It may take about 2 hours for the Certification Authority to process the order. If the certificate is not delivered in 2 hours, please contact our Live Support or submit a ticket.

Comments

We welcome your comments, questions, corrections and additional information relating to this article. Your comments may take some time to appear. Please be aware that off-topic comments will be deleted.

If you need specific help with your account, feel free to contact our Support Team. Thank you.

Need help? We're always here for you.

× Close