How do I reissue my SSL certificate?
Before starting a reissue, you will need to generate a brand new CSR/RSA pair and save your RSA for further installation.
If you are not able to generate a CSR yourself for some reason, please ask your web hosting provider to do this for you.
Once you have a new CSR ready, you may proceed with the next step.Reissuance is completely free of charge, unless you are adding SAN names to a Multi-Domain certificate with a reissue.
Note, only Comodo SSL certificates can be reissued for a different subdomain of the hostname the certificate was originally issued for. For example, ssl-certificate-host.com can be reissued for sub.ssl-certificate-host.com and vice versa. Geotrust and Symantec Certificate Authorities do not have this option available at the moment.
If you are reissuing an OV/EV SSL, use the same contact information that you used originally, unless you are reissuing the certificate to change this information. This will save you some time during reissuance process.
Now that you’re aware of all the main points during reissue, we may start with the process itself.
Log in to your Namecheap account and proceed to Dashboard section:
Here you can see all the domain names, and services assigned to them, including SSL certificates.
Click on the caret to expand the list of services associated with the domain name, locate the SSL certificate you would like to reissue and click on Manage button:
You will see all the details about your active SSL certificate. To start the reissuance process, click on arrow-down near See Details button and then select Reissue:
We do recommend you download the existing issued SSL certificate and save it prior to starting the reissue process.
As soon as Reissue is clicked, you will see this notification:
All other steps are the same as during the initial SSL certificate activation.
You will need to paste your CSR along with
-----BEGIN CERTIFICATE REQUEST-----
-----END CERTIFICATE REQUEST----- tags.
As soon as the CSR code is pasted you will see that the domain name will be fetched into the “Primary domain” section. Web-Server option offers you to choose between Apache and IIS/Tomcat servers. If you have a Linux-based server different from Apache you still can select Apache because SSL certificate file format will be applicable for your server as well.
Please click on orange Submit button to see a brief summary of the ‘about-to-be-reissued’ certificate.
- The next step is to select a Domain Control Validation (DCV) method to confirm the domain ownership.
Note, the step is not applicable for reissue of Symantec, GeoTrust and Thawte OV and EV SSL Certificates. These certificates imply company verification prior to issuance and domain ownership is checked in the process.
If the initial SSL certificate issuance was confirmed via E-mail this option will be set as default during the reissue process, but you can go ahead and change it to HTTP-based or DNS-based method.
When HTTP-based validation method is selected, upon SSL certificate reissue you will be provided with a text file. It has to be uploaded to the root directory of your website, so that it can be accessible via http://www.example.com/[file_name].txt
If you decided to go ahead with DNS-based validation, you will need to create a CNAME record in your domain host records. You will be provided with the the record as soon as the reissue process is completed in your Namecheap account.
- Next button will lead you to the page with administrative details:
Note, the administrative contact Email section is greyed out and the new E-mail address cannot be entered. The reason is quite obvious: since this is a reissue, this data (E-mail address to deliver a certificate file) has already been submitted to the CA databases. Unfortunately, reissue process will not allow you to change this address. However, you will be able to download the certificate in your account after the reissue is completed.
- The last step will summarise the actions one needs to perform to complete the domain control validation:
Almost the same message will be displayed if E-mail or DNS-based validation method is selected. Click “Confirm” to submit the reissue.
Now your SSL certificate information page will look like this:
Here you can change the method to complete the validation:
You can select between E-mail, HTTP-based and DNS-based validation methods (only for COMODO certificates).
The approval email is to be delivered to approval address shortly after you finish activation process. If you do not receive the email in 2 hours, please refer to instructions provided in What should I do if approval email was not delivered? article. When you confirm the issuance by following link in approval email you should receive the signed certificate to the administrative email address you indicated during the activation.
The situation is the same for HTTP-based and DNS-based validation. After the file is uploaded or the record is created, the certificate should be validated and issued within 2 hours.
Processing of order by Certification Authority may take about 2 hours. If certificate is not delivered in 2 hours please review I have not received my SSL certificate troubleshooter for help.