An overview of the Renewal process

Renewals are a regular part of the SSL/TLS lifecycle. You can renew your SSL certificate starting 90 days before its expiration. Despite what the name may suggest, renewing your SSL certificate is the same process you go through when you purchase an SSL Certificate for the first time. Time cannot be added on to your existing certificate.

The reason you have to renew is two-fold. Perhaps most importantly, shorter lifespans aid in the proliferation of new standards, algorithms and ciphers. Encryption is advancing every day. Changing out certificates regularly keeps your encryption up to date.

The second reason is that the CAs need to re-validate you once in a while so that you can maintain your trusted status.

How do I renew my SSL certificate?

You can only initiate the renewal process up to 90 days out from your certificate expiration date. If you wish to renew the certificate before then, you can always place a fresh order for the cert, but you will not be able to take advantage of any early renewal carrying over of time. 

Renewing is easy and can be done any of these ways: 

  • By purchasing the same certificate as before and selecting "Renewal" during the Generation step
  • Following the prompts in CheapSSLSecurity renewal emails
  • Accessing the Expiring Orders page on your account Dashboard

Clicking the number of Expiring Orders shown will scroll the page down to the Renewal Alerts section where you will see your eligible orders . Click the "Renew" button to begin the process.

Do I have to stick with the same certificate to renew?

No. You don’t. If you would like to upgrade or pick another certificate type, you can still renew. A word of caution though, if you plan on switching products, you will not be able to take advantage of any early renewal carrying over of time.

Do I lose time if I renew early?

No! As long as you’re renewing with the same brand/product that you purchased previously, all of the Certificate Authorities we carry will allow you to carry over up to 90 days on the lifespan of your new certificate.

Will I have to go through validation again?

When the CAB Forum reduced the maximum lifespan of an SSL certificate from three years to two, it also decided to cap the number of days a CA can re-use the same validation information at 825. If you had a one or two-year certificate, your CA can re-use your information (though you may need to update it if anything has changed with your website). However, if wait too long you’ll have to undergo validation once again.

Do I have to install the renewal certificate?

Yes. The CA will email you a brand new certificate file to replace the one that is expiring, so you will need to refer to your server/host's instructions and install the new SSL certificate on your website, or purchase our SSL Installation Service along with the renewal to have our team of specialists take care of it for you.

How do I remember?

CheapSSLSecurity sends its customers a series of emails at regular intervals to make sure they don’t forget. For information on managing your renewal e-mails through your CheapSSLSecurity account, please see our article on How to Manage Renewal Email Preferences.

If you have any further questions, or need help with your renewals, feel free to contact our Support Team 24/7/365.