Certificate Management Service:Certificate renewal

Background information

Certificates whose remaining validity period is less than 30 calendar days

Scenarios

Remaining validity period

In other scenarios, the remaining validity period of a certificate that you renew can be carried over to the new certificate. After you renew a certificate, the expiration time of the new certificate is one year later than the expiration time of the original certificate. For example, a certificate expires on August 1, 2022. If the certificate is renewed and the new certificate is issued on July 20, 2022, the validity period of the new certificate starts from July 20, 2022 and ends on August 1, 2023.

Procedure

1. Log on to the Certificate Management Service console.
2. On the SSL Certificates page, click the Manage Certificates or Manage Uploaded Certificates tab, and select Pending Expiration from the certificate status drop-down list.
   • Manage Certificates tab: displays the certificates that you purchase by using Certificate Management Service.
   • Manage Uploaded Certificates tab: displays the third-party certificates that you manage by using Certificate Management Service.
     Important When you renew an uploaded third-party certificate by using Certificate Management Service, the validity period of the new certificate is one year starting from the day when the new certificate is issued. Alibaba Cloud does not carry over the remaining validity period of the original certificate to the new certificate.
3. In the certificate list, find the certificate that you want to renew and click Renew in the Actions column.
4. Follow the instructions in the Certificate Renewal panel to complete the payment.
   In the Certificate Renewal panel, the system automatically specifies the same values for the parameters as those of the certificate you want to renew. You do not need to modify the configurations.
   After the certificate is renewed, the new certificate appears below the original certificate that is about to expire. The icon appears to the left of the new certificate. The icon indicates that the new certificate is associated with the original certificate. The validity period of the original certificate is not changed.

   The new certificate is in the Pending Application state. You must submit a certificate application for the new certificate, and cooperate with the certificate authority (CA) staff to complete the verification of domain name ownership and the review of application materials. After the CA approves the certificate application, the CA issues the new certificate to you. For more information, see Submit a certificate application.

   Note If Not Activated is displayed in the Status column for a new certificate after the associated original certificate is renewed, the new certificate is not activated. If the validity period of the original certificate is less than 30 days, the system submits an application for the new certificate. To prevent your business from being affected due to an application failure, you must cooperate with the CA staff to complete the certificate application.

   If a certificate in the Not Activated state is canceled, the consumed certificate quota is returned.

What to do next

After you renew a certificate, you must perform the following operations to ensure that the new certificate can be deployed to an Alibaba Cloud service or installed on a web server in a timely manner:

1. Submit a certificate application for the new certificate. For more information, see Submit a certificate application.
2. After the new certificate is issued, deploy the certificate to your Alibaba Cloud service or install the certificate on your web server.
   For more information, see Installation overview.
3. After the certificate is deployed or installed, perform the following operations to check whether the new certificate takes effect:

   After the new certificate is installed on your web server, you can check whether the certificate takes effect by performing the following operations: Visit your website by using a web browser. Then, click the icon in the address bar of your browser. If the validity period of the new certificate appears, the new certificate takes effect.

   On a Linux server, you can also run the following command to view the validity period of the new certificate:

   # In the following command, the domain name is www.aliyundoc.com. You must replace www.aliyundoc.com with your actual domain name. 
   echo | openssl s_client -servername www.aliyundoc.com -connect www.aliyundoc.com:443 2>/dev/null | openssl x509 -noout -dates 

Certificates whose remaining validity period exceeds 30 calendar days

If the remaining validity period of a certificate exceeds 30 calendar days, you can renew the certificate in advance. This helps ensure that the certificate is renewed in a timely manner if you forget to renew the certificate.

1. Log on to the Certificate Management Service console.
2. On the SSL Certificates page, click the tab on which the required certificate is displayed.
   • Manage Certificates tab: displays the certificates that you purchase by using Certificate Management Service. In the certificate list, find the certificate that you want to renew and choose > Renew in the Actions column.
   • Manage Uploaded Certificates tab: displays the third-party certificates that you manage by using Certificate Management Service. In the certificate list, find the certificate that you want to renew and click Renew in the Actions column.
3. In the Renew (Hosting-based) dialog box, click Buy Now.
   Important If your certificate quota is sufficient, the quota is consumed for renewal.

References

• Submit a certificate application
• Installation overview