This topic describes how to replace a certificate with a new certificate. We recommend that you replace certificates before they expire to avoid service interruption.


  1. Log on to the Server Load Balancer console.
  2. Click the ID of the Server Load Balancer (SLB) instance for which you want to replace the certificate and select the Listener tab.
  3. Find the HTTPS listener for which you want to replace the certificate and click Manage Certificate in the Actions column.
  4. On the Manage Certificate page, select Add Server Certificate.
    You can also select Create Server Certificate or Purchase Certificate. For more information about how to create a server certificate, see Certificate overview.
  5. On the Advanced Settings tab, click Modify and select whether to enable mutual authentication and TLS security policy. For more information, see Add an HTTPS listener.
  6. Click OK.
  7. On the Certificates page, find the expired certificate and click Delete.
  8. In the message that appears, click OK.
    Note If the certificate is associated with another listener, it cannot be deleted.