Help Center> Cloud Certificate Manager> SSL Certificate Manager (SCM)> Managing SSL Certificates> Renewing an SSL Certificate> Performing an Auto-Renewal
Updated on 2023-10-20 GMT+08:00
View PDF

Performing an Auto-Renewal

You can enable auto-renewal to let the system renew your certificate before it expires. The system automatically renews a certificate within 30 days before it expires.

To ensure automatic application of certificates, do not cancel privacy authorization.

Auto-Renewal Restrictions

  • Only paid SSL certificates that have been purchased in Huawei Cloud SCM and are about to expire can be renewed. Uploaded certificates, free certificates, and single-domain expansion packages cannot be renewed.
  • If auto-renewal is enabled for a certificate, the system automatically purchases a new certificate that has the same specifications with the original one 30 days before the original one expires and submits a certificate application using the application information of the original certificate. You still need to cooperate with the CA to complete domain name ownership and/or organization verification. The CA will not issue the certificate until they validate your domain name ownership and identity.
  • The renewal certificate and the original certificate are two independent certificates. Once the renewed certificate is issued, you need to install it on the web server or deploy it on the Huawei Cloud product the original one is deployed.
  • The new certificate inherits the remaining validity period of the original certificate. For example, your one-year certificate will expire on November 30, 2022. If you renew the certificate and the CA issues it on November 25, 2022, the new certificate will expire on November 30, 2023. The validity period of the new certificate is one year plus the remaining validity period (five days in this case) of the original certificate.

    A DigiCert DV (basic) wildcard-domain certificate you obtain through renewal cannot inherit the remaining validity of the old certificate.

Procedure

  1. Log in to the management console.
  2. Click in the upper left corner of the page and choose Security & Compliance > Cloud Certificate Management Service. The service console is displayed.
  3. In the navigation pane, choose SSL Certificate Manager > SSL Certificates.
  4. In the row containing the certificate you want to renew, click in the Auto-renewal column to enable auto-renewal.

Follow-up Operations

  1. Verify the domain name ownership.

    You must complete domain name verification to prove your ownership of the associated domain name. For details, see Verifying the Domain Name Ownership.

  2. Verify the organization (required for OV and EV certificates only).

    The CA validates the organization used to submit the certificate application. For details, see Verifying the Organization.

  3. Issue the certificate.

    It will take some time for the CA to review your information. The CA will issue the certificate only after they validate your information.

  4. Install the certificate.

    Install the renewed certificate on your web server or deploy it on Huawei Cloud products to replace the old certificate that is about to expire. For details, see Installing an SSL Certificate.

  5. Check whether the new certificate is successfully installed.

    After the new certificate is installed on the web server, check whether the certificate has been updated.

    1. Visit your website using a web browser.
    2. Click in the address box of the browser to check whether the validity period of the certificate has been updated.

      If the validity period of the new certificate is displayed, the new certificate has taken effect.

      Figure 1 Validity Period