What is REISSUE
During the validity of an SSL/TLS certificate, there may be many situations where it is necessary to renew an already issued SSL certificate, but it is unnecessary to buy a new one, as the existing one has not yet expired. The most common reason for renewing an SSL certificate is the inability to use the private key. This may be due to the website being moved to another server/hosting, the private key has been stored incorrectly and cannot be used with the public key, or it has been "lost".
Security conditions may also change , which was the case when SHA1 algorithm support was discontinued, and all valid SSL certificates had to be regenerated with newer and more secure SHA2 (Secure Hash Algorithm).
The reason for renewing SSL certificates is also, for example, the dispute between Google and Symantec from 2017, which led to the transfer of all certification authorities Symantec, Thawte, Geotrust and RapidSSL under CA DigiCert and the need to renew SSL certificates issued before December 1, 2017.
SSL certificate REISSUE
Certification authorities offer a so-called REISSUE, which means that during the validity period of the ordered certificate, they will issue a new, identical SSL certificate under the existing conditions. The new certificate has an expiration date of 1 year and one month or until the end of the prepaid period. The condition for renewing the SSL certificate is that the domain and the content of the certificate request (CSR) must be the same as in the original order. It is not possible to reissue to another domain, even by changing the domain name in the request from domain.com -> www.domain.com
The REISSUE certificate is exactly the same as when ordering a new certificate. It is necessary to have a new CSR application for a certificate and pass a complete verification from a certification authority.
Reissue within Control Panel
Renewal of SSL certificates of all offered brands can be performed in the Control Panel -> SSL certificate detail -> section "Certificate REISSUE". After the REISSUE request, a new CSR request will be inserted into the form, and after confirmation, the request will be sent to the certification authority, which will start the standard validation as for a new order.
There is practically no difference in procedures between a new certificate order, a paid RENEW (renewal) certificate or a REISSUE (renewal) free of charge. It is always necessary to generate keys and submit a certificate request with subsequent validation by the CA.
Is the original SSL certificate revoked?
NO, the original SSL certificate is not revoked and there is no reason to do so. In theory, you can still use it, for example on another server. But remember that it may have a different expiration date than the new one.
Do I need to generate a new request (CSR)?
If you are performing REISSUE for a reason other than that you do not have a private key, you can use the original certificate request and the same private key. For example, when adding a new domain to an existing multi-domain SSL certificate, this is a convenient procedure due to faster authentication of the applicant (OV, EV certificates).
Is a complete verification of the applicant performed?
Yes, when the certificate is renewed, the existence of the domain is confirmed again and the certification authority must verify the applicant.
Back to Help
Found an error or don't understand something? Write us!