How can I revoke my certificate?
Certificate revocation is a process of invalidating an issued SSL certificate. With revocation, a particular certificate identifier is added to the Certificate revocation lists distributed by the Certificate Authorities and to OCSP servers. As a result, browsers and other clients detect that the certificate is invalid and show the corresponding security warning, telling a site visitor that the installed certificate was revoked and should not be trusted.
This is how the warning may look in different browsers:
If you want to revoke the whole certificate order, you can contact our Support team via our Ticket system with a cancellation request. In your request, please specify the certificate ID/order ID/common name of the certificate you want to be cancelled and revoked, your Namecheap username and account Support PIN. Keep in mind that after the certificate cancellation is completed, the certificate cannot be used anymore, and you will not be able to perform any actions with it in your Namecheap account.
Sometimes, there may be cases when a certificate needs to be replaced with a new one, while the old certificate should be revoked. The most frequent scenario for this is that a private key associated with the certificate became compromised. In this case, both the certificate reissue and revocation can be performed in your account with us (provided that the certificate is supplied by Namecheap). For reissue instructions, feel free to refer to this guide.
After the reissue is completed, the certificate management page will have separate entries for the old certificate and for the new one. The latest one will have the status ACTIVE, while the old one will be labeled as REPLACED. Despite this, the certificate with the status REPLACED might still be valid, usable and can be returned by the server without showing any security warning.
In order to invalidate the certificate that was replaced, you need to access your certificate management page:
- Log into the account dashboard;
- Go to Domain List;
- Locate the domain name associated with the certificate and click on the caret to expand the list of services;
- Find the SSL certificate you need and press the Manage button next to it to get to the certificate management page.
At the bottom of the page, you will see separate entries for the original certificate and the replaced one in the table Certificate Versions. To revoke the replaced certificate, click on the the downwards arrow next to the See Details button and then on Revoke:
You will be asked to confirm the revocation in the pop-up window. Note that the certificate revocation cannot be undone.
After you confirm the revocation of your certificate, the request is sent immediately to the Certificate Authority, and the status of the certificate is updated to REVOKED at once.
Note: If during the reissue of a Sectigo (former Comodo) certificate you have changed the common name of the certificate, the replaced certificate gets revoked automatically. Therefore, there is no need to revoke it additionally. The certificate status in your account will be also shown as Revoked.
Once the certificate is revoked, you will be able to remove it from the certificate details page. Click on the downwards arrow next to the See Details button and then on Remove to make the certificate entry disappear:
After the certificate is revoked, it will be added to the certificate revocation list by the Certificate Authority within the time frame usually specified in the CA policy for the certificate. You will need to uninstall the certificate from the website if it is revoked - otherwise, browsers will show the security warnings. Additionally, you can check whether or not the certificate is revoked using the following checking tool: https://decoder.link