
Certificate Management Service: Certificate renewal

Last updated: Jan 10, 2024

By default, a paid SSL certificate is valid for one year. If a certificate expires, your website becomes inaccessible, and other potential business risks may occur. We recommend that you pay attention to the validity period of your certificate and renew the certificate before it expires. This topic describes the conditions and process for certificate renewal, and the operations that can be performed after renewal.

Renewal scenarios

The following list describes renewal scenarios:

Important
  • If your certificate has expired, you cannot renew the certificate. You must purchase a new certificate. The new certificate is valid for one year from the date when the certificate is issued. For more information about how to purchase a certificate, see Purchase an SSL certificate.

  • After a certificate is renewed, the new certificate is independent of the original certificate. You must submit an application for the new certificate and install the new certificate after it is issued.

Certificates whose remaining validity period is less than 30 calendar days

Scenarios

When you renew a certificate that is about to expire, make sure that the following requirements are met:

  • The remaining validity period of the certificate is less than 30 calendar days. The Renewal purchase button is available for a certificate only within 30 calendar days before the certificate expires.

  • The certificate is issued by GlobalSign.

Remaining validity period

In the following scenarios, the remaining validity period of a certificate that you renew cannot be carried over to the new certificate. The validity period of the new certificate is one year starting from the day when the certificate is issued. For example, if the new certificate is issued on July 20, 2022, its validity period starts from July 20, 2022 and ends on July 20, 2023.

  • The specifications of the new certificate are different from the specifications of the original certificate. The specifications include Domain Type, Certificate Category, and Select Brand.

  • The original certificate is a third-party certificate that is uploaded.

In other scenarios, the remaining validity period of a certificate that you renew can be carried over to the new certificate. After you renew a certificate, the expiration time of the new certificate is one year later than the expiration time of the original certificate. For example, a certificate expires on August 1, 2022. If the certificate is renewed and the new certificate is issued on July 20, 2022, the validity period of the new certificate starts from July 20, 2022 and ends on August 1, 2023.

Procedure

  1. Log on to the Certificate Management Service console.
  2. On the SSL Certificates page, click the Manage Certificates or Manage Uploaded Certificates tab, and select Pending Expiration from the certificate status drop-down list.

    • The Manage Certificates tab displays the certificates that you purchase by using Certificate Management Service.

    • The Manage Uploaded Certificates tab displays the third-party certificates that you manage by using Certificate Management Service.

      Important

      When you renew an uploaded third-party certificate by using Certificate Management Service, the validity period of the new certificate is one year starting from the day when the new certificate is issued. The remaining validity period of the original certificate cannot be carried over to the new certificate.

  3. In the certificate list, find the certificate that you want to renew and click Renew in the Actions column.

  4. Follow the instructions in the Certificate Renewal panel to complete the payment.

    In the Certificate Renewal panel, the system automatically specifies the same values for the parameters as those of the certificate you want to renew. You do not need to modify the configurations.

    After the certificate is renewed, the new certificate appears below the original certificate that is about to expire. The new icon appears to the left of the new certificate. The icon indicates that the new certificate is associated with the original certificate. The validity period of the original certificate is not changed.

    The new certificate is in the Pending Application state. You must submit an application for the new certificate, and cooperate with the certificate authority (CA) staff to complete the verification of domain name ownership and the review of application materials. After the CA approves the certificate application, the CA issues the new certificate to you. For more information, see Submit a certificate application.

    Note

    If Not Activated is displayed in the Status column for a new certificate after the associated original certificate is renewed, the new certificate is not activated. If the validity period of the original certificate is less than 30 days, the system submits an application for the new certificate. To prevent your business from being affected due to an application failure, you must cooperate with the CA staff to complete the certificate application.

    If a certificate in the Not Activated state is canceled, the consumed certificate quota is returned.

What to do next

After you renew a certificate, you must perform the following operations to ensure that the new certificate can be deployed to an Alibaba Cloud service or installed on a web server in a timely manner:

  1. Submit a certificate application for the new certificate. For more information, see Submit a certificate application.

  2. After the new certificate is issued, deploy the certificate to your Alibaba Cloud service or install the certificate on your web server.

    For more information, see Installation overview.

  3. After the certificate is deployed or installed, perform the following operations to check whether the new certificate takes effect:

    After the new certificate is installed on your web server, visit your website by using a web browser and click the lock icon in the address bar of your browser. If the validity period of the new certificate appears, the new certificate takes effect.

    On a Linux server, you can also run the following command to view the validity period of the new certificate. In the command, the domain name is www.aliyundoc.com. You must replace www.aliyundoc.com with your actual domain name.

    echo | openssl s_client -servername www.aliyundoc.com -connect www.aliyundoc.com:443 2>/dev/null | openssl x509 -noout -dates
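
The check above, extended into an added example that is not part of the original documentation: it reads the notAfter date from the same openssl output and reports whether the certificate has expired, is inside the 30-day renewal window, or can only be renewed in advance. The function names, the WINDOW_DAYS variable and the sample dates are assumptions of this example, and it relies on GNU date (`date -d`).

```bash
# Added example (not Alibaba Cloud code). Assumes GNU date (-d), as on typical Linux servers.
# Classifies a certificate against the renewal rules in this topic, using the
# notAfter line printed by `openssl x509 -noout -dates`.

WINDOW_DAYS=30   # the Renewal button is available only inside this window

# renewal_state "<-dates output>" [now_epoch]
# Prints one of: "expired", "renew-now <days>", "renew-early <days>".
# Returns 2 when no notAfter line is present (handshake failed, wrong host, ...).
# The topic does not say which side exactly 30 days falls on; this example
# treats it as outside the window.
renewal_state() {
  local not_after end now secs
  not_after=$(printf '%s\n' "$1" | sed -n 's/^notAfter=//p')
  [ -n "$not_after" ] || return 2
  end=$(date -u -d "$not_after" +%s 2>/dev/null) || return 2
  now=${2:-$(date -u +%s)}
  secs=$(( end - now ))
  if [ "$secs" -le 0 ]; then
    echo "expired"                          # cannot be renewed; purchase a new certificate
  elif [ "$secs" -lt $(( WINDOW_DAYS * 86400 )) ]; then
    echo "renew-now $(( secs / 86400 ))"    # inside the 30-day renewal window
  else
    echo "renew-early $(( secs / 86400 ))"  # more than 30 days left: renewal in advance
  fi
}

# check_host <domain>: run this topic's openssl command against a live server.
check_host() {
  renewal_state "$(echo | openssl s_client -servername "$1" -connect "$1:443" 2>/dev/null |
    openssl x509 -noout -dates 2>/dev/null)"
}

# Constructed sample: the dates from this topic's carry-over example, as of 2023-07-15.
SAMPLE='notBefore=Jul 20 00:00:00 2022 GMT
notAfter=Aug  1 00:00:00 2023 GMT'
renewal_state "$SAMPLE" "$(date -u -d '2023-07-15 00:00:00 UTC' +%s)"
```

Run `check_host` with your own domain after deployment; a return code of 2 means no certificate was retrieved, which the bare command does not make obvious.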

Certificates whose remaining validity period is greater than 30 calendar days

If the remaining validity period of a certificate is greater than 30 calendar days, you can renew the certificate in advance. This helps ensure that the certificate is renewed in a timely manner in case you forget to renew the certificate.

  1. Log on to the Certificate Management Service console.
  2. On the SSL Certificates page, click the tab on which the required certificate is displayed.

    • The Manage Certificates tab displays the certificates that you purchase by using Certificate Management Service. In the certificate list, find the certificate that you want to renew and choose the icon > Renew in the Actions column.

    • The Manage Uploaded Certificates tab displays the third-party certificates that you manage by using Certificate Management Service. In the certificate list, find the certificate that you want to renew and click Renew in the Actions column.

  3. In the Renew (Hosting-based) dialog box, click Buy Now.

    Important

    If your certificate quota is sufficient, the quota is consumed for renewal.

References