You must renew your SSL certificate before it expires. Otherwise, you cannot continue to use the SSL certificate, which may cause your website to be displayed as an insecure website. Alibaba Cloud SSL Certificates Service allows you to renew your certificate upon expiration. For early renewals, the remaining validity of your old certificate is also counted. That is, the total validity of your certificate is the new term of your certificate plus the remaining validity of your certificate.

Prerequisites

You have purchased a GlobalSign certificate.
Note Currently, renewal is supported only for GlobalSign certificates, but not for Entrust certificates.

Background information

Post-payment is not allowed. You must pay first to use an SSL certificate.

A notification is displayed in the SSL Certificate console 60 days before your certificate expires. You must renew the certificate 3 to 10 business days before it expires to ensure that the new certificate can be approved before the old certificate expires.

For early renewals, Alibaba Cloud counts the total validity of your certificate by adding the remaining validity of your certificate to the new term.

For example, an issued certificate with one-year validity will expire on May 1, 2021. If you renew the certificate on April 25, 2020, your certificate will be valid for additional 6 days from April 25, 2021. That is, your certificate will expire on May 1, 2021. Alibaba Cloud has counted the remaining validity of your old certificate.

Note If the existing certificate is about to expire and you purchase a new one instead of renewing the current certificate at expiration, the remaining validity of the existing certificate cannot be added to your newly purchased certificate.

A renewed certificate can be issued faster than a newly purchased certificate.

Limits

Make sure that the certificate you want to renew is a GlobalSign certificate.
Note Currently, renewal is supported only for GlobalSign certificates, but not for Entrust certificates.

A renewed certificate must be consistent with the existing one in terms of the certificate type, brand, and organization information. Otherwise, it will be identified as a newly purchased certificate. As a result, the remaining validity of the old certificate will not be counted.

Step 1: View certificates that are about to expire

  1. Log on to the Alibaba Cloud SSL Certificate console.
  2. Click Will Expired.
  3. Optional:View the notes about certificate renewal.
    In the certificate list of the Pending Expiration dialog box, move your pointer over Notes in the Expire On column to view the renewal information.
    • After you renew a certificate, log on to the SSL Certificate console again and apply for the renewed certificate as instructed.
    • The console stores your information and you do not need to fill it in again during the application.
    • Wait for the certification authority (CA) for approval. After the renewal is completed, you will obtain a renewed certificate.
    • After the renewed certificate is issued, replace the existing certificate with the renewed certificate.

    Alternatively, click Renew Now above the certificate list to obtain the certificate renewal information.

Step 2: Renew a certificate

  1. In the certificate list of the Pending Expiration dialog box, find the target certificate and click Purchase Renewal in the Expire On column.
    Renewal
  2. On the certificate purchase page, select the type and configuration of your certificate.
    Note
    • After the renewal is done, you will receive a new certificate order. You must apply for the certificate so that the CA can issue it.
    • The brand and type of the certificate after renewal are the same as those of the certificate that you purchase.
  3. Click Buy Now.
  4. Select I agree to the Alibaba Cloud certificates service (subscription) agreement of service, and click Pay to complete the renewal.
  5. Log on to the SSL Certificate console. In the Confirm that the renewal has been completed? message, click OK.
  6. In the certificate list of the Pending Expiration dialog box, find the certificate that has been renewed and click Certificate Application in the Actions column to submit the information for approval.
    For more information, see Apply for and validate certificates.
    Note When you apply for a certificate, Alibaba Cloud SSL Certificates Service automatically synchronizes the application information and materials that you submitted the last time.
  7. Click Submit.
  8. Wait for the CA to approve and issue the certificate.
    The issuance of DV certificates takes about 5 to 10 minutes and that of OV and EV certificates takes about 2 business days at a minimum.
  9. Install the renewed certificate on your server to replace the certificate that is expiring soon.
    Note If you do not install the renewed certificate on your server, the HTTPS service becomes unavailable when the existing certificate expires.

Step 3: Check whether the certificate is updated

After you install the renewed certificate on your server, click the security lock in the address bar of your browser to check whether the certificate validity period is updated. If a new validity is displayed, your certificate is updated.

  • View the validity of a certificate on a Linux server
    echo | openssl s_client -servername www.yourwebsite.com -connect www.yourwebsite.com:443 2>/dev/null | openssl x509 -noout -dates
  • View the validity a certificate on a Windows server

References