SSL certificates are issued with a fixed expiration date. Renewal does not extend the existing certificate. Instead, a new certificate is generated for the same domain with a new validity period. Understanding this process helps avoid service interruptions and browser security warnings.
How SSL Certificate Renewal Works
Every SSL certificate has an expiration date embedded in it. Once this date is reached, the certificate becomes invalid and browsers will no longer trust the connection.
Renewal always results in:
- A newly issued certificate
- A new expiration date
- A new certificate file and, in most cases, a new private key
The domain name remains the same, but the certificate itself is replaced.
[Screenshot placeholder: browser certificate details showing expiration date]
Automatic Renewal and Billing
Paid SSL certificates typically use an automatic renewal model. An invoice is generated in advance of the expiration date to allow enough time for processing and installation.
Common characteristics of automatic renewal include:
- Invoice generated before expiration
- Renewal requires payment before certificate issuance
- Failure to renew results in certificate replacement
If a paid certificate expires without renewal, it may be replaced by a basic free certificate to maintain encryption. This ensures continuity of HTTPS but removes advanced features such as warranties and business validation.
Preparing for Certificate Renewal
Before renewing an SSL certificate, confirm the current expiration date and determine which certificate type you want to continue using.
You can verify the expiration date by:
- Viewing certificate details in your web browser
- Checking the SSL management section of your hosting control panel
[Screenshot placeholder: SSL details page in hosting panel]
Renewing the SSL Certificate
After the renewal invoice is paid, a new certificate request must be generated.
Accessing SSL Management
Log in to your hosting control panel and navigate to the section where SSL products are managed.
[Screenshot placeholder: hosting panel product list with SSL highlighted]
Select the SSL certificate and open its management interface.
Generating the Certificate Request
In the SSL setup section, confirm or enter the following information:
- Domain name
- Email address for validation notices
- Location details such as city, region, and country code
- Organization or individual name
- Department or unit name if applicable
By default, the system generates a Certificate Signing Request automatically using this information.
[Screenshot placeholder: SSL setup form with CSR fields]
If you already have a CSR generated externally, you can switch to custom input and paste the CSR text. The private key must never be shared.
Validation Requirements
Some certificate types require additional verification.
For Organization Validation or Extended Validation certificates, you may be asked to provide:
- Verified business contact details
- Proof of organization identity
- Domain ownership confirmation
Validation instructions are sent by email after submission.
[Screenshot placeholder: domain validation email instructions]
Receiving and Installing the New Certificate
Once validation is completed, the new certificate and associated private key become available in the SSL management area.
At this stage, the certificate must be installed on the server to replace the expiring one.
Installation methods depend on the hosting environment and may vary between control panels.
SSL renewal and installation are commonly performed on platforms such as cPanel hosting environments and Plesk-based hosting platforms, or on custom infrastructure running on dedicated server platforms.
[Screenshot placeholder: certificate and key available for installation]
After installation, always verify that:
- The new certificate is active
- The expiration date reflects the new validity period
- Browsers no longer display certificate warnings