Re-issuing an SSL Certificate
Table of Contents
- Why should I re-issue my certificate?
- Requesting an SSL certificate re-issue
- Approving the SSL certificate re-issue
- Installing the SSL re-issued certificate
Re-issuing (also Re-Keying) an SSL certificate is the process of generating a new private key and CSR for an existing issued certificate.
Re-issuing an SSL certificate involves creating a new private key along with a new CSR and submitting the request to the certificate authority. The process results in a new SSL certificate being issued.
How long does it take to re-issue an SSL certificate?
In general, re-issuing a new SSL certificate takes from 2 to 5 days. However, the time frame depends on many factors.
This document applies only to standard SSL certificates. Let’s Encrypt certificates cannot be reissued at this time. If the situation arises that you would otherwise reissue your Let’s Encrypt certificate, we suggest you order a new Let’s Encrypt certificate at this time.
Please note that there are rate limits in place with Let’s Encrypt, so be sure to request a new certificate only when absolutely necessary or you may be unable to request other certificates.
Why should I re-issue my certificate?
You may need to re-issue your certificate in one of the following cases:
- Your private key has been compromised
- You lose the private key attached to the SSL certificate
- You want to change the SSL certificate signature algorithm or encryption level
- You want to change any SSL certificate information
Re-issuing a certificate is not a fully automated process. Requests have to be manually handled by our support team and it may take a few days to complete the process. The existing certificate will continue to be valid during this time frame.
Requesting an SSL certificate re-issue
To start a new certificate re-issue request
- Log into DNSimple with your user credentials.
- Click on your avatar on the top-right, and on the drop-down menu select the account.
- On the top-nav menu click the tab, locate the relevant domain and click on the name to access the domain page.
Scroll down to the list and click on the certificate.
At the page, on the status line, look for the link to reissue the certificate.
If the link is not present, it means the certificate is in a status where the certificate can not be reissued (e.g. a not issued or expired certificate).
Click the link to access the “Reissue certificate” self-service section.
- Check the certificate information and click to submit a new reissue request.
Approving the SSL certificate re-issue
Once the certificate re-issue is requested, we will forward the information to the certificate authority. The certificate authority will then send you a link to validate the certificate, as it happened for the original certificate purchase.
Remember to approve the certificate reissue!
In most cases, the reissue process gets stuck because the request is never approved by the owner. Please monitor the approval email inbox and make sure to click on the link contained in the email sent from the Certificate Authority in order to validate and approve the reissue.
Installing the SSL re-issued certificate
Once the certificate re-issued, the certificate authority will send you a new certificate. Install the new certificate and private key on your server, or replace the existing one to deploy the new certificate.
The old certificate will stay active until the expiration date.
Finding your private key
Once you have received your certificate from the Certificate Authority, go to your certificate page and click .
If you reissue request has been processed and submitted to the corresponding Certificate Authority it will be in a Submitted state. Right below the CSR a message is displayed asking you to confirm that you have received your certificate.
When you receive your reissued certificate via email, and only then, go to the status page and click the confirmation button:
At that point you will be taken back to the certificate page and you will be able to get your new private key:
Your previous private key will be permanently removed at this point. You can now install the certificate following the install steps.