Renewing your SSL certificate on time is as important as securing your website for the first time. An expired certificate is one of the most common causes of SSL connection errors. In this article, we’ll show you how to renew your SSL cert hassle-free so that your website remains protected around the clock. Before we walk you through the process, let’s see why certificates expire and the consequences of not renewing them before the deadline.

Why do SSL certificates expire?

The reason SSL certificates expire is to keep your encryption up to date. By asking you to renew your SSL certificate annually, the Certificate Authorities ensure you’ll always have the latest TLS versions and ciphers, impossible to break by hackers. It’s the industry-standard everyone adheres to. 

What happens when an SSL certificate expires?

If the SSL certificate expires, your website becomes unavailable. It’s simple as that. Browsers will flag your site as not secure, and visitors won’t be able to reach it. Instead, they will see a warning message urging them to avoid your site. Your online reputation could get damaged, and to make things worse, cybercriminals could exploit the expired certificate and intercept the transmitting data between the browser and the server.

So, when should I renew my SSL certificate?

The best renewal practice is within 30 days before expiration. Your new SSL cert will include all the remaining days from the previous certificate, so don’t leave it till the last day.

If you have a Domain Validation SSL Certificate, you can renew it 1-2 weeks before it expires. Allow for enough time ahead so that you manage to install it on your website and server before it becomes invalid.

In the case of Business Validation or Extended Validation SSL Certificates, we recommend commencing the renewal process 3-4 weeks in advance. Although BV and EV SSL validation takes less during renewal, it’s better to do it with enough time to spare should the CA require additional documentation.

How to find the expiration date of my SSL certificate?

You can check the validity of your certificate by clicking the padlock icon next to your website’s URL in Google Chrome. Navigate to Connection is Secure > Certificate is Valid. A new window will pop up with the certificate’s information, including the expiration date.

Alternatively, you can verify the same information from your SSL vendor’s account:

  1. Log into your SSL Dragon account
  2. Go to SSL Certificates > My SSL Certificates
  3. From the list of SSL Certificates you bought from us, click on the necessary SSL Certificate;
  4. Find the Expires field on the details page.

Renewing the SSL certificate

The SSL renewal requires the purchase of a brand new certificate for your domain and company. To meet the rigorous industry standards, Certificate Authorities must code the expiration date into the certificate. That’s why when an SSL cert expires, it’s no longer valid and needs replacement. It’s impossible to extend the life of an SSL certificate beyond the timeframe set by the CA/Browser Forum. Here’s how the renewal process works at SSL Dragon:

  1. Click the Renew button on your expiring SSL Certificate within your SSL Dragon account.
  2. Pay the invoice for the renewed SSL Certificate, then click on Back to Client Area or go to the My SSL Certificates section inside your SSL Dragon account.
  3. Click on the renewed SSL Certificate. On the SSL Certificate’s details page, scroll down and click on the green button that says Configure Now.
  4. Under the Order Type, choose Renewal
  5. Now, you have to submit the CSR (Certificate Signing Request). You can use the old CSR from your previous SSL Certificate, or generate a new CSR. Either way is fine.
  6. Continue filling out the rest of the form information for your renewed SSL Certificate.
  7. Pass the SSL validation and wait for the CA to send you the installation files.
  8. Once the new SSL files are in your inbox, follow the same procedure as you did first installing the certificate on your server. Download the zip folder, extract the files on your machine, and upload them to your server.

Streamline SSL management with Multi-Year SSL

As you already know, your SSL certificate is initially issued for just one year. However, you can still buy a two or three-year SSL Certificate and continue to benefit from multi-year discounting while remaining compliant with the CAB Forum SSL requirements. Here’s how it works:

Thirty days before the expiration of your certificate, SSL Dragon, on behalf of the CA, will notify you and ask you to reissue your SSL to get the additional (replacement) one-year certificate, according to your Subscription Plan.

From your part, you will need to validate & install the replacement SSL. The validation method is identical to respective types when buying the SSL for the first time. DV certs require a quick verification via email, HTTP, or DNS, while for BV and EV certificates, expect a callback from the CA to verify your credentials. To learn more about Multi-Year SSL, check our FAQ section.

Final Thoughts

Managing SSL certificates is all about the correct installation and timely renewal. Take care of these two crucial aspects, and you won’t have an issue with your certificate for its entire lifecycle. SSL vendors send automatic renewal notifications well in advance for you to smoothly renew your expiring cert. Ensure they don’t end up in the Spam folder. 

If you miss the renewal deadline, don’t panic, even big organizations have renewal blunders. To avoid potential website outages, initiate the renewal process ASAP. It usually takes just a few minutes to replace a DV certificate, and if your paperwork is up-to-date, Business or Extended validation should also be relatively quick.

System update vector created by pch.vector –