Renewals

Renewing an SSL Certificate means purchasing a new license period to extend your coverage beyond your current license expiry date. This is a separate process from reissuing your SSL Certificate, which provides a replacement SSL Certificate within your existing license period at no additional cost.

Renew Your SSL Certificate Reissue Your SSL Certificate

If your SSL Certificate has expired but your license period is still active, you do not need to renew. Instead, you should reissue your SSL Certificate through the tracking system to obtain a replacement with updated validity. Learn About Maintaining Your Protection 🔗

Renewal vs Reissue

Understanding the difference between renewal and reissue helps ensure you take the correct action and avoid unnecessary purchases.

Renewal involves purchasing a new SSL Certificate license when your existing license period has expired or is approaching expiry. This is a chargeable transaction that extends your coverage for a new validity period of your choice.

A reissue provides a replacement SSL Certificate within your existing license period. It is available at no additional cost and gives you a new SSL Certificate with the maximum allowable validity up to your remaining license period. Explore Our Tracking System 🔗

The Renewal Process

Renewing an SSL Certificate follows the same procedure as obtaining a new SSL Certificate. When you renew, you will need to replace your existing SSL Certificate, Private Key, and Intermediate Certificates within your hosting control panel or server.

When renewing, you benefit from being able to test and install your new SSL Certificate alongside your existing SSL Certificate. This allows you to verify the installation before your current SSL Certificate expires.

Important : Do not leave your renewal until the last day. Order queuing or processing delays may prevent timely issuance. Renew and replace your SSL Certificate at least 14 days before your existing license expires.

Planning ahead gives you time to test the new SSL Certificate and resolve any installation issues before the changeover.

License Validity Periods

SSL Certificate licenses can be purchased for validity periods of up to five years. When an SSL Certificate is issued, it carries a validity date set by industry requirements, which is currently a maximum of 200 days.

During a multi-year license, you will need to reissue your SSL Certificate periodically to maintain continuous coverage. Each reissue provides a new SSL Certificate with the maximum allowable validity up to your remaining license period. Learn About SSL Certificate Validity Periods 🔗

Important : Partners and customers are responsible for monitoring the expiry dates of installed SSL Certificates. The ordering system displays all orders on an account with the purchased license validity dates, however each SSL Certificate has its own validity dates dependent on when it was issued within the license period.

The tracking system can be accessed on an order-by-order basis and displays both the license validity and the validity details of the last SSL Certificate issued. When managing multiple SSL Certificates, it is advisable to use dedicated SSL Certificate monitoring tools to detect installed SSL Certificates and to be alerted when it is time to reissue or renew.

Trustico® also offers plans that remove this manual tracking burden entirely, described below.

Subscriptions

If you have an automatic protection plan with Trustico® your SSL Certificate license will renew automatically each month or year. You do not need to worry about purchasing a renewal with an automatic protection plan.

Reissue Your SSL Certificate

For customers who prefer fully automated management including automatic reissues, Trustico® offers Certificate as a Service (CaaS) which handles the entire SSL Certificate lifecycle without manual intervention. Learn About Certificate as a Service (CaaS) 🔗

Best Practices

Following these best practices when renewing your SSL Certificate will help ensure a smooth transition and maintain strong security.

Tip : Generate a new Certificate Signing Request (CSR) and Private Key when renewing your SSL Certificate. Fresh cryptographic keys reduce the risk associated with potential key compromise over time.

Avoid using an existing Certificate Signing Request (CSR), as generating a new one ensures your Private Key matches the SSL Certificate that is issued. Once you have generated your new Certificate Signing Request (CSR), you can proceed to the renewal options.

Certificate Signing Request

A Certificate Signing Request (CSR) is required to order an SSL Certificate. The Certificate Signing Request (CSR) is generated from within your hosting control panel, web server software, or server operating system.

Trustico® provides resources to help you create your Certificate Signing Request (CSR) for various platforms and server configurations.

Certificate Signing Request (CSR)

If you prefer not to generate your own Certificate Signing Request (CSR), the Trustico® AutoCSR service can automatically generate one for you during the order process. AutoCSR is best suited to non-production environments.

For production systems, we recommend generating the Certificate Signing Request (CSR) on your own server so that the Private Key never leaves your control. Learn About Certificate Signing Requests (CSR) 🔗

Install SSL Certificate

After your renewal SSL Certificate has been issued, you will need to install it on your server along with the corresponding Intermediate Certificates. Installation procedures vary depending on your hosting control panel or server software.

Trustico® provides comprehensive installation guides for various platforms and server configurations.

Installation Instructions

If you would prefer assistance with your renewal, the Trustico® support team can provide additional information on how to complete your order and install your renewal SSL Certificate. View Our Support Resources 🔗

Microsoft Windows Server Warning

There is a known issue with renewing SSL Certificates using Microsoft Internet Information Services (IIS) that you should be aware of before proceeding.

Warning : Do not use the "Renew SSL Certificate" option within Internet Information Services (IIS). This built-in function has known limitations that may cause the renewal to fail. Instead, generate a new Certificate Signing Request (CSR) and install your renewal SSL Certificate as a new installation.

Treating the renewal as a fresh installation avoids the built-in function and gives you a reliable, predictable result.

Most Popular Questions

Frequently asked questions covering SSL Certificate renewal versus reissue, when to renew, license validity periods, generating a new Certificate Signing Request (CSR), automatic protection plans, and the Windows Internet Information Services (IIS) renewal issue.

Difference Between Renewing and Reissuing an SSL Certificate

Renewal involves purchasing a new SSL Certificate license when your existing license period has expired or is approaching expiry, which is a chargeable transaction. A reissue provides a replacement SSL Certificate within your existing license period at no additional cost.

When to Renew Your SSL Certificate

Trustico® recommends renewing and replacing your SSL Certificate at least 14 days before your existing license expires. Do not leave your renewal until the last day, as order queuing or processing delays may prevent timely issuance.

Generating a New Certificate Signing Request (CSR) When Renewing

Trustico® recommends generating a new Certificate Signing Request (CSR) and Private Key when renewing, because fresh cryptographic keys reduce the risk associated with potential key compromise over time. If you prefer not to generate your own, the Trustico® AutoCSR service can create one during ordering, though AutoCSR is best suited to non-production environments. For production systems, generating the Certificate Signing Request (CSR) on your own server is recommended.

Maximum SSL Certificate License Period

SSL Certificate licenses can be purchased for validity periods of up to five years. However, each issued SSL Certificate has a maximum validity set by industry requirements, currently 200 days, so you will need to reissue periodically during a multi-year license.

Automatic Protection Plan Coverage

Automatic protection plans handle license renewal only. You are still responsible for reissuing your SSL Certificate when it approaches its maximum validity period. For fully automated management that includes automatic reissues, Trustico® offers Certificate as a Service (CaaS).

Avoiding the Renew SSL Certificate Option in Internet Information Services (IIS)

The built-in renewal function within Internet Information Services (IIS) has known limitations that may cause the renewal to fail. Instead, generate a new Certificate Signing Request (CSR) and install your renewal SSL Certificate as a new installation.

SSL Certificates and Front-of-Site Services Like Cloudflare

SSL Certificates and Front-of-Site Services Lik...

Learn how front-of-site services like Cloudflare affect which SSL Certificate visitors see and how to apply your purchased SSL Certificate to them.

SSL Certificates and Front-of-Site Services Lik...

Learn how front-of-site services like Cloudflare affect which SSL Certificate visitors see and how to apply your purchased SSL Certificate to them.

Understanding X9 Certificates and the Public Trust Model

Understanding X9 Certificates and the Public Tr...

Learn what X9 Certificates are, how X9 PKI differs from public browser trust, and why they are not a substitute for a publicly trusted SSL Certificate.

Understanding X9 Certificates and the Public Tr...

Learn what X9 Certificates are, how X9 PKI differs from public browser trust, and why they are not a substitute for a publicly trusted SSL Certificate.

Why Your SSL Certificate Type and Brand Matter by Industry

Why Your SSL Certificate Type and Brand Matter ...

Why the type and brand of SSL Certificate matter across regulated industries, who examines your validation standing, and what is at stake when they do.

Why Your SSL Certificate Type and Brand Matter ...

Why the type and brand of SSL Certificate matter across regulated industries, who examines your validation standing, and what is at stake when they do.

Revocation Status Errors on a Valid SSL Certificate

Revocation Status Errors on a Valid SSL Certifi...

A revocation status error such as RevocationStatusUnknown can appear on a valid SSL Certificate. Learn how to confirm it is not revoked and what to do next.

Revocation Status Errors on a Valid SSL Certifi...

A revocation status error such as RevocationStatusUnknown can appear on a valid SSL Certificate. Learn how to confirm it is not revoked and what to do next.

Website Security Checks : Essential Steps to Protect Your Business Online

Website Security Checks : Essential Steps to Pr...

Keep your website secure with the SSL Certificate checks that matter most, from expiry and chain coverage to validation levels, issuance controls, and automation.

Website Security Checks : Essential Steps to Pr...

Keep your website secure with the SSL Certificate checks that matter most, from expiry and chain coverage to validation levels, issuance controls, and automation.

Installing an S/MIME E-Mail Certificate in Mozilla Thunderbird

Installing an S/MIME E-Mail Certificate in Mozi...

Import a PKCS12 E-Mail Certificate into Mozilla Thunderbird, assign it for signing and encryption, and exchange secured messages with any recipient.

Installing an S/MIME E-Mail Certificate in Mozi...

Import a PKCS12 E-Mail Certificate into Mozilla Thunderbird, assign it for signing and encryption, and exchange secured messages with any recipient.

1 / 6