Help Center> Cloud Certificate Manager> FAQs> Certificate Validity Period> What Can I Do If an SSL Certificate Is About to Expire?
Updated on 2023-10-20 GMT+08:00

What Can I Do If an SSL Certificate Is About to Expire?

SSL certificates have a validity period. Expired SSL certificates cannot secure your website communication connections. If your SSL certificate expires, a message indicating that your website is insecure or cannot be accessed will be displayed to visitors. This will deteriorate your website services and trustfulness.

Before an SSL certificate is about to expire, you can enable auto-renewal or manually renew it on the console. The manual renewal entry is available only for 30 calendar days before an SSL certificate expires.

SCM will notify you of certificate expiration 30 days before the certificate expires.

  • For certificates you purchase through SCM, SCM automatically notifies you of the expiration by email and SMS two months, one month, one week, three days, and one day before a certificate expires and again when the certificate actually expired.
  • For uploaded certificates, you need to configure expiration notifications so SCM can notify you of the certificate expiration by email and SMS. For details, see How Do I Configure a Certificate Expiration Notification?

To replace the certificate that is about to expire or update the certificate in the corresponding cloud product, manually install the new certificate on your server. A certificate application must be submitted to the CA when you purchase a new certificate or renew a certificate.

You can replace the old certificate with the new one once it is issued. The replacement does not affect services.

  • You need to manually renew the certificate or purchase another one 3 to 10 working days before it expires if you have not enabled auto-renewal. If you have enabled auto-renewal, check the SMS notifications, and finish required verification 3 to 10 working days before it expires to ensure that the certificate is valid before the CA validates your verification and issues new certificate.
  • After a certificate is renewed, the validity periods of the old and new certificates are described as follows:
    • Details of new certificate not changed

      If the certificate details remain unchanged, the actual validity period of the new certificate equals to the remaining validity period of the original one plus the requested validity period of the new one. A maximum of 30 days can be counted towards the validity period of the new certificate. If you have not enabled auto-renewal, you are advised to apply for a certificate 30 days at the earliest before the current one expires.

      For example, assume that your current certificate expires on October 1, 2019, and you request a new one-year SSL certificate with the same details from the same CA on August 31, 2019. If the new certificate is issued on Sept. 1, 2019, it will be valid from Sept. 1, 2019 to Sept. 30, 2020.

      This rule is formulated, interpreted, and clarified by the CA. If you have any questions, we will work with you to communicate and negotiate with the CA.

    • Information about the new certificate is modified during manual renewal. For example, the domain name, certificate type, or company name is different from that of the old certificate.

      The validity periods of the current and new certificates are calculated separately.

      The use of the new certificate does not affect the current certificate. The current certificate can continue to be used until it expires.

Certificate Validity Period FAQs

more