You must renew your SSL certificate before it expires. Otherwise, you cannot continue to use the SSL certificate, which may cause your website to be marked as not secure. Alibaba Cloud SSL Certificates Service allows you to renew your certificate upon expiration. For early renewals, the remaining validity of your certificate will be added to the validity period of the renewed certificate.
Prerequisites
Background information
Post-payment is not accepted. You must pay first to use an SSL certificate.
The SSL Certificates Service console will notify you of upcoming expiration 60 days in advance. You must renew your certificate 3 to 10 business days before it expires to ensure that the certificate renewal can be approved before your certificate expires.
If you renew your certificate before it expires, Alibaba Cloud automatically adds the remaining validity of the old certificate to the validity period of the renewed certificate. However, this rule does not apply to free Domain Validation (DV) certificates and DigicertDV wildcard certificates.
For example, an issued certificate with one-year validity will expire on May 1, 2021. If you renew the certificate on April 25, 2021, the renewed certificate will be valid for one year plus six days starting from April 25, 2021. This means that your renewed certificate will expire on May 1, 2022. Alibaba Cloud has added the remaining validity of your old certificate to the validity period of the renewed certificate.
A renewed certificate is issued faster than a newly purchased certificate.
Limits
The renewed certificate must be consistent with the existing certificate in terms of certificate type, certification authority (CA), and applicant information. Otherwise, the renewed certificate will be identified as a newly purchased certificate, and the remaining validity of your existing certificate will not be counted.
Step 1: View certificates that are about to expire
Step 2: Renew a certificate
Step 3: Check whether the certificate has been updated
After you install the renewed certificate on your server, click the security lock in the address bar of your browser to check whether the certificate validity period has been updated. If a new validity period is displayed, your certificate has been updated.
- View the validity period of the renewed certificate on a Linux server
echo | openssl s_client -servername www.yourwebsite.com -connect www.yourwebsite.com:443 2>/dev/null | openssl x509 -noout -dates
- View the validity period of the renewed certificate on a Windows server
References
- Install SSL certificates on Tomcat servers
- Install SSL certificates on Apache servers
- Deploy SSL certificate on Ubuntu Apache2
- How do I deploy the issued certificate in Apache server
- Install an SSL certificate in an NGINX or Tengine server
- Install SSL certificates in IIS servers
- Deploy SSL certificates on CentOS-based Tomcat 8.5 or 9.0
- An SSL certificate is configured by the jetty server