Updated on 2024-06-25 GMT+08:00

Performing a Manual Renewal

An SSL certificate issued by a CA is valid for one year. An expired SSL certificate cannot enable HTTPS-encrypted communication. To avoid this, manually renew the certificate before it expires.

Manual Renewal Restrictions

  • The company name cannot be changed when you renew a certificate.
  • The manual renewal entry is available only during the 30 calendar days before an SSL certificate expires.
  • Only paid SSL certificates that have been purchased in Huawei Cloud SCM and are about to expire can be renewed. Uploaded certificates, free certificates, and single-domain expansion packages cannot be renewed.
  • Manually renewing an SSL certificate means purchasing a new certificate with exactly the same configuration as the original one. The configuration includes the certificate authority, certificate type, domain type, domain quantity, and primary domain name.
  • The renewed certificate and the original certificate are two independent certificates. Once the renewed certificate is issued, you need to install it on the web server or deploy it on the Huawei Cloud product where the original one is deployed.
  • The new certificate inherits the remaining validity period of the original certificate. For example, your one-year certificate will expire on November 30, 2022. If you renew the certificate and the CA issues it on November 25, 2022, the new certificate will expire on November 30, 2023. The validity period of the new certificate is one year plus the remaining validity period (five days in this case) of the original certificate.
    • The entry for renewing a DigiCert DV (basic) wildcard-domain certificate is available only within 15 calendar days before the certificate expires.
    • A DigiCert DV (basic) wildcard-domain certificate you obtain through renewal cannot inherit the remaining validity of the old certificate.
    • If you renew an SSL certificate on the certificate renewal page, and the certificate authority, certificate type, domain type, domain quantity, and/or primary domain name of the new certificate are different from those of the original certificate, the new certificate cannot automatically inherit the remaining validity period (if any) of the original certificate. So, the validity period of the new certificate is one year.

Prerequisites

  • The paid certificate is about to expire.
  • Auto-renewal is not enabled for the certificate.

Procedure

  1. Log in to the management console.
  2. Click in the upper left corner of the page and choose Security & Compliance > Cloud Certificate Management Service. The service console is displayed.
  3. In the navigation pane, choose SSL Certificate Manager > SSL Certificates.
  4. In the row containing the desired certificate, click Renew in the Operation column. Figure 1 shows an example.
    Figure 1 Renewal
  5. On the certificate renewal page, confirm the certificate information and click Buy Now.

    If you have any questions about the pricing, click Pricing details in the lower left corner.

  6. Confirm the order information and agree to the CCM statement by selecting I have read and agree to the Cloud Certificate Manager Statement. Click Pay.
  7. On the displayed page, select a payment method.

    After the payment is complete, go back to the certificate list to view the purchased certificate.

    At this point, the certificate is in the Pending application state. To get it issued, submit a certificate application to the CA. The CA issues the certificate only after validating your renewal application.

Follow-up Operations

  1. Submit a certificate application to the CA.

    For details, see Submit an SSL Certificate Application to the CA.

    When you provide the certificate application information, ensure that the company name is the same as that of the original certificate. The company name cannot be changed when you renew an SSL certificate.

  2. Verify the domain name ownership.

    For more details, see Verifying the Domain Name Ownership.

  3. Verify the organization (required for OV and EV certificates only).

    For more details, see Verify the Organization.

  4. Issue the certificate.

    It will take some time for the CA to review your information. The CA issues the certificate only after it validates your information.

  5. Install the certificate.

    Install the issued certificate on your web server to replace the old certificate. If you do not install the new certificate on the web server, your server cannot use the HTTPS service after the old certificate expires.

    The procedure for installing an SSL certificate varies depending on the web server. The following describes how to install an SSL certificate on mainstream web servers.

  6. Check whether the new certificate is successfully installed.

    After the new certificate is installed on the web server, check whether the certificate has been updated.

    1. Visit your website using a web browser.
    2. Click in the address box of the browser to check whether the validity period of the certificate has been updated.

      If the validity period of the new certificate is displayed, the new certificate has taken effect.

      Figure 2 Validity Period
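
The browser check in step 6 can also be scripted. The following is an added example, not part of the original Huawei Cloud documentation. It goes beyond comparing the validity period by also matching the served certificate's SHA-256 fingerprint against the issued certificate file. The function names, the `addr` parameter and the status strings are assumptions made for illustration, and `new_pem` is assumed to hold only the server (leaf) certificate.

```python
import hashlib
import socket
import ssl


def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate."""
    return hashlib.sha256(der).hexdigest()


def classify(served_fp, served_not_after, new_fp, old_not_after):
    """Decide which certificate an endpoint presents.

    The *_not_after values use the 'Nov 30 23:59:59 2023 GMT' form that
    SSLSocket.getpeercert() returns.
    """
    if served_fp == new_fp:
        return "RENEWED"      # exactly the certificate the CA issued
    served = ssl.cert_time_to_seconds(served_not_after)
    old = ssl.cert_time_to_seconds(old_not_after)
    if served <= old:
        return "STALE"        # original certificate is still installed
    return "UNKNOWN"          # later expiry, but not the issued file


def check(host, addr, new_pem, old_not_after, port=443, timeout=5.0):
    """Check one server address, sending `host` as SNI.

    Pass each backend address in turn: a browser check only reaches
    whichever node answers that one request.
    """
    ctx = ssl.create_default_context()    # normal chain and name checks
    try:
        with socket.create_connection((addr, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                der = tls.getpeercert(binary_form=True)
                not_after = tls.getpeercert()["notAfter"]
    except ssl.SSLCertVerificationError as exc:
        # Expired, wrong name or incomplete chain all land here.
        return f"VERIFY_FAILED ({exc.verify_message})"
    # new_pem: leaf certificate only (assumption), as a PEM string.
    new_fp = fingerprint(ssl.PEM_cert_to_DER_cert(new_pem))
    return classify(fingerprint(der), not_after, new_fp, old_not_after)
```

Call `check()` once per address that serves the domain; any result other than `RENEWED` means that node still needs the new certificate installed or its TLS service reloaded.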