How do I reissue my SSL certificate?

Before starting a reissue, you will need to generate a brand new CSR/RSA pair and save your RSA key for further installation.

If you cannot generate a CSR yourself for some reason, please ask your web hosting provider to do this for you.

Once you have a new CSR, you may proceed to the next step. Reissuance is completely free of charge unless you are adding SAN names to a Multi-Domain Certificate during reissue.

Note: Starting May 3, 2016, Comodo (now Sectigo) certificates can be reissued for any common name at no additional cost.

If you are reissuing an OV/EV SSL, use the same contact information that you used originally unless you are reissuing the certificate to change this information. This will save you some time during reissue.

Now that you’re aware of all the main points during reissue, we may proceed.

To start with, log into your Namecheap account. Next, you can start the reissue process either in the SSL Certificates list or in the Domains List as follows:

  • Open the SSL Certificates tab. Expand the drop-down and select the Reissue option as it is shown on the screenshot below.

  • If you are in the Domain List already, you can also start the SSL reissue. For this, ensure that All Products option is filtered at the top-right, expand the list of the services associated with the domain name in question, and click Manage next to the SSL Certificate that should be reissued. On the next page, click Reissue at the bottom of the screen, like in the picture below.

As soon as you click on Reissue, you will see this notification:

reissue_5.png

Click Yes to proceed.

All other steps are the same as during initial SSL certificate activation.

You will need to paste your CSR along with the

-----BEGIN CERTIFICATE REQUEST-----
and
-----END CERTIFICATE REQUEST----- tags.

As soon as the CSR code is pasted, you will see that the domain name is fetched into the Primary domain section. Also, you will be notified if the common name in your CSR is different from the one the initial certificate was issued for.

revoknotice

The next step is to select the Domain Control Validation (DCV) method to confirm the domain ownership.

If the initial SSL certificate issuance was confirmed via the DNS record, the "Add CNAME record" option will be set as default during the reissue, but you can go ahead and change it to the "Upload a validation file" or "Receive an email" method.

The receive an email method involves receiving and confirming a validation email at the domain-related email address selected from the given list.

When the Upload a validation file method is selected, you will be provided with a text file upon SSL certificate reissue. It should be uploaded into a particular directory of your website (/.well-known/pki-validation/) so that it can be accessed via http://yourdomain.com/.well-known/pki-validation/validation_file.txt

If you have a Single-domain SSL, you should also make the file available via http://www.yourdomain.com/.well-known/pki-validation/validation_file.txt

Content of the file shouldn't be changed in any way, as Comodo (now Sectigo) validation system is case sensitive.

The 'Upload a validation file' method is not available for Wildcard SSLs.

If you decide to go ahead with the Add CNAME record option, you will need to create a CNAME record in your domain host records. You will be provided with the record as soon as the reissue process is completed in your Namecheap account.

The Next button will lead you to the page with the administrative details/contact email address:

  • For a DV certificate, the next page will be the last one where the administrative contact email address and the DCV method are summarized:

    newact5

    Note that the administrative contact email section is greyed out, and the new email address cannot be entered. The reissued data will always come through to the email address you registered with originally. This cannot be changed. If you no longer have access to this email address, contact our SSL team via Live Chat or email us to sslsupport@namecheap.com.

  • For the OV certificate only, the following contact page will be shown:

    The sections Company and Legal address require filling in your company name and its physical address. The registration number can be provided as well, though, it is optional.

    The section Representative is used for the callback verification step. It is necessary to specify the first and last name of the person who will receive the callback email and proceed with the call. Usually, it should be a member of the company applied for the certificate. The phone number in the form should be a company one as well. Comodo (now Sectigo) will locate it in the online database along with the company details and verify.

    Note! Please keep in mind that the company details for OV/EV certificates can only be changed during reissue within 45 days since the certificate issuance. If you try to change the company details for the certificate that was more than 45 days ago, the reissue process will most likely result in error.

  • For the EV certificate, the contact page will be the following:

    The Company section requires to specify the legal company name. Additional fields are Doing business as (DBA name) and Company registration number.

    The section Legal address is for providing physical address of the company.

    The last step will summarize the details submitted for the reissue. Just click Confirm to submit the reissue.

    Now your SSL certificate information page will look like this:





    You will see the instructions on how to switch the validation methods, if you want to, within the yellow frame at the top of your SSL Details page.

    It may take about 2 hours for the Certification Authority to process the order. If the certificate is not delivered in 2 hours, please contact our SSL team via Live Chat or email us to sslsupport@namecheap.com.

    Keep in mind that it typically takes more time for OV and EV certificates to be reissued because the Certificate Authority performs a manual company details check during reissue as well. If CA representatives don't contact you on this matter within 1-2 days after DCV is done, please contact our Support Team so we can expedite your order processing.

  • Once reissue is done and you receive an email with the updated SSL, make sure to install the new certificate files on the server to replace the old one.
Updated
Viewed
197733 times

Need help? We're always here for you.

notmyip