Help Center/ Cloud Certificate Manager/ FAQs/ Certificate Validity Period/ What Can I Do If My SSL Certificate Expired?
Updated on 2024-09-18 GMT+08:00

What Can I Do If My SSL Certificate Expired?

SSL certificates have a validity period. Once a certificate expires, it cannot be used. Renewals are allowed only for valid certificates.

You can renew only paid SSL certificates you have purchased in Huawei Cloud SCM before they are about to expire. For details, see Renewing an SSL Certificate.

SCM will notify you of certificate expiration 30 days before the certificate expires.

CCM will enable an expiration reminder for SSL certificates by default not matter where you purchase the certificates. CCM will notify you by email and SMS messages. You can disable or customize the reminder. For more details, see How Do I Configure a Certificate Expiration Notification?.

  • For certificates you purchase through SCM, SCM automatically notifies you of the expiration by email and SMS two months, one month, one week, three days, and one day before a certificate expires and again when the certificate actually expired.
  • For an SSl certificate you upload to SCM, if you still need to use it, you need to upload a new one before it expires. For details, see Uploading an External SSL Certificate.

To replace the certificate that is about to expire or update the certificate in the corresponding cloud product, manually install the new certificate on your server. A certificate application must be submitted to the CA when you purchase a new certificate or renew a certificate.

You can replace the old certificate with the new one once it is issued. The replacement does not affect services.

  • You need to manually renew the certificate or purchase another one 3 to 10 working days before it expires if you have not enabled auto-renewal. If you have enabled auto-renewal, check the SMS notifications, and finish required verification 3 to 10 working days before it expires to ensure that the certificate is valid before the CA validates your verification and issues new certificate.
  • After a certificate is renewed, the validity periods of the old and new certificates are described as follows:
    • Details of new certificate not changed

      If the certificate details remain unchanged, the actual validity period of the new certificate equals to the remaining validity period of the original one plus the requested validity period of the new one. A maximum of 30 days can be counted towards the validity period of the new certificate. If you have not enabled auto-renewal, you are advised to apply for a certificate 30 days at the earliest before the current one expires.

      For example, assume that your current certificate expires on October 1, 2019, and you request a new one-year SSL certificate with the same details from the same CA on August 31, 2019. If the new certificate is issued on Sept. 1, 2019, it will be valid from Sept. 1, 2019 to Sept. 30, 2020.

      This rule is formulated, interpreted, and clarified by the CAs. If you have any questions, we will work with you to communicate and negotiate with the CAs.

    • Information about the new certificate is modified during manual renewal. For example, the domain name, certificate type, or company name is different from that of the old certificate.

      The validity periods of the current and new certificates are calculated separately.

      The use of the new certificate does not affect the current certificate. The current certificate can continue to be used until it expires.