Renewing an SSL Certificate means purchasing a new license period to extend your coverage beyond your current license expiry date. This is a separate process from reissuing your SSL Certificate, which provides a replacement SSL Certificate within your existing license period at no additional cost.
If your SSL Certificate has expired but your license period is still active, you do not need to renew. Instead, you should reissue your SSL Certificate through the tracking system to obtain a replacement with updated validity.
Renewal vs Reissue
Understanding the difference between renewal and reissue helps ensure you take the correct action and avoid unnecessary purchases.
Renewal involves purchasing a new SSL Certificate license when your existing license period has expired or is approaching expiry. This is a chargeable transaction that extends your coverage for a new validity period of your choice.
A reissue provides a replacement SSL Certificate within your existing license period. It is available at no additional cost and gives you a new SSL Certificate with the maximum allowable validity up to your remaining license period.
The Renewal Process
Renewing an SSL Certificate follows the same procedure as obtaining a new SSL Certificate. When you renew, you will need to replace your existing SSL Certificate, Private Key, and Intermediate Certificates within your hosting control panel or server.
When renewing, you benefit from being able to test and install your new SSL Certificate alongside your existing SSL Certificate. This allows you to verify the installation before your current SSL Certificate expires.
Important: Do not leave your renewal until the last day. Order queuing or processing delays may prevent timely issuance. Renew and replace your SSL Certificate at least 14 days before your existing license expires.
Planning ahead gives you time to test the new SSL Certificate and resolve any installation issues before the changeover.
License Validity Periods
SSL Certificate licenses can be purchased for validity periods of up to five years. When an SSL Certificate is issued, its validity period is limited by industry requirements, currently to a maximum of 200 days.
During a multi-year license, you will need to reissue your SSL Certificate periodically to maintain continuous coverage. Each reissue provides a new SSL Certificate with the maximum allowable validity up to your remaining license period.
Important: Partners and customers are responsible for monitoring the expiry dates of installed SSL Certificates. The ordering system displays all orders on an account with the purchased license validity dates; however, each SSL Certificate has its own validity dates, which depend on when it was issued within the license period.
The tracking system can be accessed on an order-by-order basis and displays both the license validity and the validity details of the last SSL Certificate issued. When managing multiple SSL Certificates, it is advisable to use dedicated SSL Certificate monitoring tools to detect installed SSL Certificates and to be alerted when it is time to reissue or renew.
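A minimal sketch of such a check, added here as an example and not taken from Trustico® tooling: it classifies a certificate file by time left and, given the days remaining on the license, says whether the next step is a reissue or a renewal. The function names, the license-days input (read by the operator from the tracking system) and the use of the 14-day window for reissues are assumptions of this example.

```shell
#!/bin/sh
# Added example, not vendor code. Requires the openssl CLI.

# Classify a PEM certificate by the time left before its notAfter date.
# $1 = certificate path, $2 = warning window in days (default 14).
cert_status() {
    window=$(( ${2:-14} * 86400 ))
    if ! openssl x509 -in "$1" -noout 2>/dev/null; then
        echo unreadable
    elif ! openssl x509 -in "$1" -noout -checkend 0 >/dev/null; then
        echo expired
    elif ! openssl x509 -in "$1" -noout -checkend "$window" >/dev/null; then
        echo due
    else
        echo ok
    fi
}

# Pick the action. $1 = certificate path, $2 = days left on the license,
# entered by the operator from the tracking system (hypothetical input).
# Reusing the 14-day window for reissues is an assumption of this example.
next_action() {
    status=$(cert_status "$1" 14)
    if [ "$2" -le 14 ]; then
        echo renew          # license expired or ending: purchase a renewal
    elif [ "$status" = ok ]; then
        echo none
    elif [ "$status" = unreadable ]; then
        echo investigate
    else
        echo reissue        # license still active, certificate due or expired
    fi
}

# Constructed sample input: self-signed stand-ins for installed certificates.
make_sample_cert() {    # $1 = output path, $2 = validity in days
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1" \
        -days "$2" -subj "/CN=example.test" 2>/dev/null
}

tmp=$(mktemp -d)
make_sample_cert "$tmp/short.pem" 5
make_sample_cert "$tmp/long.pem" 200
echo "short.pem, 400 license days left: $(next_action "$tmp/short.pem" 400)"
echo "long.pem, 10 license days left: $(next_action "$tmp/long.pem" 10)"
```

Run from a scheduler against the certificate files your servers actually load, the output gives one line per certificate that can feed an alert.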
Trustico® also offers plans that remove this manual tracking burden entirely, described below.
Subscriptions
If you have an automatic protection plan with Trustico® your SSL Certificate license will renew automatically each month or year. You do not need to worry about purchasing a renewal with an automatic protection plan.
For customers who prefer fully automated management including automatic reissues, Trustico® offers Certificate as a Service (CaaS) which handles the entire SSL Certificate lifecycle without manual intervention.
Best Practices
Following these best practices when renewing your SSL Certificate will help ensure a smooth transition and maintain strong security.
Tip: Generate a new Certificate Signing Request (CSR) and Private Key when renewing your SSL Certificate. Fresh cryptographic keys reduce the risk associated with potential key compromise over time.
Avoid using an existing Certificate Signing Request (CSR), as generating a new one ensures your Private Key matches the SSL Certificate that is issued. Once you have generated your new Certificate Signing Request (CSR), you can proceed to the renewal options.
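The practice above, worked through with the OpenSSL command line as an added example (not a Trustico® procedure): it creates a fresh key and CSR, flags a CSR that reuses the key of the certificate being replaced, and confirms that the issued certificate matches the new Private Key before installation. The function names, file names and the self-signed certificates standing in for the old and newly issued ones are constructed for this example.

```shell
#!/bin/sh
# Added example, not vendor code. Requires the openssl CLI (1.1.1 or later).

# Create a fresh private key and CSR. $1 = hostname, $2 = output directory.
new_key_and_csr() {
    ( umask 077     # the key file is readable by its owner only
      openssl req -new -newkey rsa:2048 -nodes \
          -keyout "$2/$1.key" -out "$2/$1.csr" \
          -subj "/CN=$1" -addext "subjectAltName=DNS:$1" 2>/dev/null )
}

# SHA-256 over the normalized PEM public key read from stdin; fails on bad input.
pub_fp() {
    pem=$(openssl pkey -pubin 2>/dev/null) || return 1
    printf '%s\n' "$pem" | openssl dgst -sha256 | awk '{print $NF}'
}
fp_key()  { openssl pkey -in "$1" -pubout 2>/dev/null | pub_fp; }
fp_csr()  { openssl req -in "$1" -noout -pubkey 2>/dev/null | pub_fp; }
fp_cert() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null | pub_fp; }

# True when the certificate ($2) carries the public key of the private key ($1).
key_matches_cert() { a=$(fp_key "$1") && b=$(fp_cert "$2") && [ "$a" = "$b" ]; }

# True when a renewal CSR ($1) reuses the key of the certificate being replaced ($2).
csr_reuses_key() { a=$(fp_csr "$1") && b=$(fp_cert "$2") && [ "$a" = "$b" ]; }

tmp=$(mktemp -d)
host=www.example.test
# Constructed sample: key and self-signed certificate standing in for the old pair.
openssl req -x509 -newkey rsa:2048 -nodes -keyout "$tmp/old.key" \
    -out "$tmp/old.crt" -days 30 -subj "/CN=$host" 2>/dev/null
new_key_and_csr "$host" "$tmp"
# Constructed stand-in for issuance by the CA: self-sign the new CSR.
openssl x509 -req -in "$tmp/$host.csr" -signkey "$tmp/$host.key" \
    -out "$tmp/new.crt" -days 200 2>/dev/null

if csr_reuses_key "$tmp/$host.csr" "$tmp/old.crt"; then
    echo "CSR reuses the old key: generate a new key pair"
fi
if key_matches_cert "$tmp/$host.key" "$tmp/new.crt"; then
    echo "new private key matches the issued certificate"
fi
```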
Certificate Signing Request
A Certificate Signing Request (CSR) is required to order an SSL Certificate. The Certificate Signing Request (CSR) is generated from within your hosting control panel, web server software, or server operating system.
Trustico® provides resources to help you create your Certificate Signing Request (CSR) for various platforms and server configurations.
If you prefer not to generate your own Certificate Signing Request (CSR), the Trustico® AutoCSR service can automatically generate one for you during the order process. AutoCSR is best suited to non-production environments.
For production systems, we recommend generating the Certificate Signing Request (CSR) on your own server so that the Private Key never leaves your control.
Install SSL Certificate
After your renewal SSL Certificate has been issued, you will need to install it on your server along with the corresponding Intermediate Certificates. Installation procedures vary depending on your hosting control panel or server software.
Trustico® provides comprehensive installation guides for various platforms and server configurations.
If you would prefer assistance with your renewal, the Trustico® support team can provide additional information on how to complete your order and install your renewal SSL Certificate.
Microsoft Windows Server Warning
There is a known issue with renewing SSL Certificates using Microsoft Internet Information Services (IIS) that you should be aware of before proceeding.
Warning: Do not use the "Renew SSL Certificate" option within Internet Information Services (IIS). This built-in function has known limitations that may cause the renewal to fail. Instead, generate a new Certificate Signing Request (CSR) and install your renewal SSL Certificate as a new installation.
Treating the renewal as a fresh installation avoids the built-in function and gives you a reliable, predictable result.