Reissuing an SSL certificate

Prerequisites

• The certificate is in the Issued state.
• The certificate is a single-domain or wildcard-domain certificate.

Constraints

• Free certificates and multi-domain certificates cannot be re-issued.

• An issued certificate can be reissued within a specified period. The period varies depending on domain type and CAs. The following describes the period given by some CAs:
  • DigiCert and GeoTrust: 25 days.
• There is no limit on how many times you can apply for reissues of a single-domain or wildcard-domain certificate only when the reissue is requested within the specified period. This period varies depending on CAs.

Procedure

1. Log in to the management console.
2. In the Operation column of the target domain name, choose More > Reissue.
   Figure 1 Reissuing an SSL certificate
   
   

   If the reissue button disappears or the reissue failed, check the following items:

   • Certificate status. The certificate you want to reissue must have been issued. If the certificate is not issued, it cannot be reissued.
   • Certificate type. Free certificates and multi-domain certificates cannot be reissued.
   • Certificate CA. If your certificate was issued by GlobalSign, a reissue can only be initiated within 5 days after the certificate was issued.
   • Certificate CA. If your certificate was issued by DigiCert, GeoTrust, CFCA, TrustAsia, or vTrus, a reissue can only be initiated within 25 days after the certificate was issued.

3. To change the domain name for a certificate, perform operations by referring to Table 1. You can also modify the company contact or authorizer information.

   Table 1 Domain name parameters

   Parameter	Description	Example Value
   CSR	To obtain an SSL certificate, a Certificate Signing Request (CSR) file needs to be submitted to the CA for review. A CSR contains a public key and a distinguished name (DN). Typically, a CSR is generated by a web server. A pair of public and private keys are created along with the CSR. Options: System generated CSR: The system automatically generates a certificate private key. Once the certificate is issued, you can download your certificate and private key on the certificate management page. You manually generate a CSR file and paste the content of the CSR file into the text box. You are advised to select System generated CSR to avoid approval failure caused by incorrect content.	System generated CSR
   Domain Name	This parameter is displayed when you purchase a single-domain or wildcard-domain certificate. If you select Upload a CSR for CSR, the domain name is automatically parsed based on the CSR file. You do not need to manually enter the domain name. If you select System generated CSR for CSR, manually enter the domain name or wildcard domain to be associated with the certificate. Single domain: If your domain is www.domain.com, enter www.domain.com for Domain Name.	www.domain.com
   Domain Name Verification Method	In accordance with the CA specifications, after applying for a certificate, you need to work with the CA to verify ownership of the associated domain name. After your ownership of the domain name is verified by you and approved by the CA, the CA will issue the certificate. Options: DNS: You need to verify the domain ownership by resolving a specific DNS record on the domain name management platform. Manual DNS verification: You need to go to the DNS service provider of the domain name to perform the verification. File: You need to create a specified file on the server to verify your ownership of the domain. Email: You can click the link and follow the directions in the email to verify ownership of the domain.	Manual DNS verification

4. Click Submit.
   1. After you submit the reissue application, the certificate status has changed to CA verifying (reissue).
   2. The CA will send an email to you within one to two working days to confirm the cancellation of the issued certificate. After you confirm the email, the CA will cancel the issued certificate and the certificate will enter the reissue process.