How do I reissue my SSL certificate?

How do I reissue my SSL certificate?

Before starting a reissue, you will need to generate a brand new CSR/RSA pair and save your RSA key for further installation.

If you are not able to generate a CSR yourself for some reason, please ask your web hosting provider to do this for you.

Once you have a new CSR, you may proceed with the next step. Reissuance is completely free of charge, unless you are adding SAN names to a Multi-Domain Certificate with a reissue.

Note: Starting May 3, 2016, Comodo (now Sectigo) certificates can be reissued for any common name at no additional cost.

If you are reissuing an OV/EV SSL, use the same contact information that you used originally, unless you are reissuing the certificate to change this information. This will save you some time during reissue.

Now that you’re aware of all the main points during reissue, we may proceed.

To start with, log into your Aviumshost account. Next, you can start the reissue process either in the SSL Certificates list or in the Domains List as follows.

  • Navigate to the Dashboard and open the SSL Certificates tab. Expand the drop-down and select the Reissue option as it is shown on the screenshot below.

 

  • If you are in the Domain List already, you can also start the SSL reissue. For this, ensure that All Products option is filtered at the top-right, expand the list of the services associated with the domain name in question, and click Manage next to the SSL Certificate that should be reissued. On the next page, click Reissue at the bottom of the screen, like on the picture below.

As soon as you click on Reissue, you will see this notification:

Click Yes to proceed.

All other steps are the same as during the initial SSL certificate activation.

You will need to paste your CSR along with

-----BEGIN CERTIFICATE REQUEST-----
and
-----END CERTIFICATE REQUEST----- tags.

As soon as the CSR code is pasted, you will see that the domain name will be fetched into the Primary domain section. Also, you will be notified if the common name in your CSR is different from the one the initial certificate was issued for.

The next step is to select the Domain Control Validation (DCV) method to confirm the domain ownership.

If the initial SSL certificate issuance was confirmed via DNS record, the "Add CNAME record" option will be set as default during the reissue, but you can go ahead and change it to the "Upload a validation file" or "Receive an email" method.

Receive an email method involves receiving and confirming a validation email at the domain-related email address from the given list.

When the Upload a validation file method is selected, you will be provided with a text file upon the SSL certificate reissue. It has to be uploaded into a particular directory of your website (/.well-known/pki-validation/) so that it can be accessible via http://fully.qualified.name/.well-known/pki-validation/

Note: If you have activated the certificate with domain.com or www.domain.com indicated as FQDN in your CSR code, please make sure that the file is available via http://domain.com/.well-known/pki-validation/file.txt . In this case, www.domain.com is considered to be under your control as well.

Content of the file shouldn't be changed in any way, as Comodo (now Sectigo) validation system is case sensitive.

If you decided to go ahead with the Add CNAME record option, you will need to create a CNAME record in your domain host records. You will be provided with the the record as soon as the reissue process is completed in your Aviumshost account.

The Next button will lead you to the page with administrative details/contact email address:

  • For a DV certificate, the next page will be the last one where the administrative contact email address and the DCV method will be summarized:

Note that the administrative contact email section is greyed out, and the new email address cannot be entered. The reissued data will always come through to the email address you registered with originally. This cannot be changed. If you no longer have access to this email address, contact our support team.

  • For the OV certificate only, the following contact page will get shown:
  • The sections Company and Legal address require providing your company name and its physical address. The registration number can be provided as well, though, it is optional.

    The section Representative is needed for the callback verification step. It is necessary to specify the first and last name of the person who will receive the callback email and proceed with the call. Usually, it should be a member for the company applied for the certificate. The phone number for the form should be a company one as well. Comodo (now Sectigo) will need to locate it in the online database along with the company details and verify.

    Note! Please keep in mind that the company details for OV/EV certificates can be changed during reissue only within 45 days since the certificate issuance. If you try to change the company details for the certificate that is issued more than 45 days ago, the reissue process will most likely result in error.

  • For the EV certificate, the contact page will be the following:

The Company section requires legal company name specified. Additional fields are Doing business as (DBA name) and Company registration number.

The section Legal address is for providing physical address of the company.

The last step will summarize the details submitted for the reissue. Just click Confirm to submit the reissue.

Now your SSL certificate information page will look like this:

You will see the instructions on how to switch the validation methods, if you want to, within the yellow frame at the top of your SSL Details page.

It may take about 2 hours for the Certification Authority to process the order. If the certificate is not delivered in 2 hours, please contact our Live Support or submit a ticket.

Keep in mind that it typically takes more time for the OV and EV certificates to be reissued because the Certificate Authority performs manual company details check during the reissue as well. If the CA representatives don't contact you on this matter within 1-2 days after the DCV is done, please contact our Support Team so we can expedite your order processing.

  • 28 Users Found This Useful
Was this answer helpful?

Related Articles

How to Generate CSR (Certificate Signing Request) Code

What is a CSR? CSR code (Certificate Signing Request) is a specific code and an essential part...

How can I complete the domain control validation (DCV) for my SSL certificate?

Before a certificate can be issued, the certificate applicant needs to confirm the domain...