Renewing an SSL certificate is relatively simple. Many web hosts and registrars go as far as to automate the process, so you don’t have to lift a finger. However, if your host doesn’t offer automatic renewals for some reason, knowing how to renew a certificate manually can come in handy.
In this article, we’ll go over the reasons why renewing your certificate is important. Then we’ll teach you how to do it.
Key Steps to Renew Your SSL Certificate
Why you need to renew your SSL certificate
If you’ve ever set up an SSL certificate, you might have received an email similar to the following:
Some certificates last for up to 398 days, whereas others have expiry dates as low as 90 days (we’re looking at you Let’s Encrypt). For many, these expiration dates can be a hassle. However, there are two reasons why limited-length certificates are necessary:
- Renewing your certificate validates your website’s identity.
- It makes sure the encryption you use is up to date, which keeps user’s data secure during transit.
At one point, it was common for SSL certificates to last up to five years. It was a convenient approach, but not optimal from a security standpoint. As of September 2020, the issuing period is roughly 13 months, which was a reduction on the previously reduced standard of about two years.
Even so, 13 months seems like a long time in comparison with Let’s Encrypt’s current standards. One reason the certificate authority argues that shorter validity periods are necessary is to encourage automation.
A lot of web hosts and certificate authorities will enable you to automate the renewal process. It should arguably become the new standard, so we get to enjoy the security benefit of short certificate validity periods without having to process renewals manually.
In many cases, website owners forget about SSL renewal altogether, which can lead to warning messages:
As such, if you don’t have the option to automate the process, you’ll want to know how to renew your SSL certificate manually.
How to renew SSL certificate (in 4 simple steps)
The process for renewing your SSL certificate may vary a bit depending on what web host or certificate authority you’re using. Even so, the big picture remains the same. You’ll need to generate a certificate signing request (CSR), activate your certificate, and install it.
For illustration purposes, we’ll show you how to renew an SSL certificate on Namecheap. However, any similar cPanel backend will have the same basic steps to renew your SSL certificate.
Step #1: Generate a new CSR
The first thing you need to do is generate a CSR from your web host, which validates your server’s identity. If your hosting provider uses cPanel, you can do this by navigating to the Security tab and looking for the SSL/TLS option:
On the next screen, go for the link under Certificate Signing Requests (CSR):
From this section, you can generate a new CSR for any of your existing domains:
Do note that you’ll need to provide contact information to validate domain ownership. Once you fill out every field, your host will provide you with a CSR code, which looks like this:
Keep this code handy because you’ll need it to re-activate your certificate.
Step #2: Activate SSL certificate
Once you access your Namecheap dashboard, you’ll see an overview of all your products, including domains and SSL certificates.
If there are any certificates about to expired (or already past the due date), you’ll see an Activate option:
Clicking on this button will initiate the SSL renewal process. First off, you’ll need to enter the CSR you generated a minute ago:
Next you’ll get a chance to confirm if the renewal information is correct:
If everything looks good, you can proceed to the SSL renewal validation process.
Step #3: Validate SSL certificate
For your certificate to become valid again, you need to (once more) confirm ownership of the domain you’re using. There are three ways you can do this:
- Email validation. You can renew your SSL certificate using an email associated with the domain in question.
- HTTP validation. This validation process involves uploading a file to the server you want to install the certificate on.
- DNS validation. Using CNAME records, you can validate your SSL certificate.
The most straightforward approach is email validation. If you have an email address associated with your domain (i.e. email@example.com), go ahead and enter it now:
Now, you should get a validation email within a few minutes. Click on the link inside that email, and you’ll get a second message, including your new certificate files (in .crt format).
Step #4: Install new SSL certificate
Namecheap asks you to contact the Namecheap support team so they can install the renewed files for you. However, this isn’t set in stone across the board, so check your host’s documentation for the optimal approach.
For other web hosts, you can do this process manually. If you have access to cPanel, you can access the SSL/TLS section (as we did during step one) and look for the option that reads Manage SSL sites:
Inside, you’ll see a list of all your domains and to the right, the option to update each one’s certificate:
On the next screen, use the Autofill by Domain option to fill out the Private Key (KEY) field and enter the contents of your .crt file under Certificate:
Now click the Install Certificate button and you’re good to go. If you’re lucky, that’ll be the last time you have to renew your SSL certificate by hand!
However, when the time comes, you’ll need to renew your SSL certificate if your host hasn’t set up automated renewals for you. Here’s how to do it:
Installing an SSL certificate and using HTTPS is a great start for securing your WordPress website. But there are also lots of other ways to improve security – check out these 10 WordPress security tips to keep your site safe and consider periodically performing a website a security audit.
Do you have any questions about how to renew SSL certificates? Let’s go over them in the comments section below!