SSL Renewal Tips

Andy Gambles
Servertastic
Apr 14, 2011

Here are a few tips to ensure renewing your SSL certificate runs smoothly.

Generate a new CSR
When it comes time to renew, generate a new CSR for your SSL certificate. Do not use an existing CSR you may have had from last year. It may not meet the new minimum key size requirements and may have expired.

Ensure you have access to your web server/control panel
When you renew your SSL certificate, you still have to generate a new CSR and install a new certificate. The renewal process does not just add extra time to your existing certificate.

Use the same Common Name
To avoid losing any remaining time on your existing SSL certificate, the common name in your new CSR must exactly match the existing common name. If the common name is different, it will be classed as a new order and not a renewal.

www.servertastic.com is not the same as servertastic.com

Renew more than 30 days before expiry
You can renew an SSL certificate up to 90 days before expiry. Any time you have remaining on your existing SSL certificate is added to your new certificate (up to a maximum of 90 days). Therefore, DO NOT leave your renewal until the day before expiry. There may be a delay in issuance or a problem with your order. As a result, your existing certificate may expire before your new one is issued. I recommend renewing at least 30 days before expiry. If you have an Extended Validation certificate, increase this to 60 days for additional safety.

Make sure your whois information is accurate
Accurate whois information allows the approver email to be delivered more quickly. It also allows the domain ownership check for Extended Validation certificates to be completed.

Generate your certificate with a minimum 2048-bit key size
All SSL certificates now require a 2048-bit key size. Anything smaller than this and your order will not be processed. Check that any legacy systems support key sizes this big.
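
The checks from the tips above (fresh CSR, identical common name, 2048-bit key, at least 30 days left on the old certificate) can be scripted before you place the order. This is an added example, not part of the original post; it assumes the openssl command-line tool is installed, and the file names and function names are placeholders.

```sh
#!/bin/sh
# Added example: pre-renewal checks with the openssl CLI.
# File names passed to these functions are placeholders (assumptions).

# Create a fresh 2048-bit RSA key and a CSR for the given common name.
new_csr() {  # usage: new_csr <common-name> <key-out> <csr-out>
    openssl req -new -newkey rsa:2048 -nodes \
        -keyout "$2" -out "$3" -subj "/CN=$1" 2>/dev/null
}

# Print the common name from an openssl "subject=" line read on stdin.
subject_cn() {
    sed -n 's/^subject=.*CN=\([^,]*\).*$/\1/p'
}

cert_cn() { openssl x509 -in "$1" -noout -subject -nameopt RFC2253 | subject_cn; }
csr_cn()  { openssl req  -in "$1" -noout -subject -nameopt RFC2253 | subject_cn; }

# Print the public key size, in bits, of a CSR.
csr_bits() {
    openssl req -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

# Compare a new CSR against the certificate it is meant to renew.
# Prints one line per problem; returns 0 only if every check passes.
renewal_check() {  # usage: renewal_check <existing-cert> <new-csr>
    rc=0
    old=$(cert_cn "$1"); new=$(csr_cn "$2"); bits=$(csr_bits "$2")
    # The match must be exact: www.example.test is not example.test.
    if [ "$old" != "$new" ]; then
        echo "CN mismatch: certificate '$old', CSR '$new'"; rc=1
    fi
    if [ "${bits:-0}" -lt 2048 ]; then
        echo "key too small: ${bits:-unknown} bits"; rc=1
    fi
    # -checkend N exits non-zero if the certificate expires within N seconds.
    if ! openssl x509 -in "$1" -noout -checkend $((30 * 86400)) >/dev/null; then
        echo "existing certificate expires in under 30 days"; rc=1
    fi
    return $rc
}
```

Run `new_csr` first, then `renewal_check existing.crt new.csr`; any line it prints is something to fix before submitting the CSR.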

Check your system supports intermediate certificates
All SSL certificates are now issued with an Intermediate CA. Check that your web server or application can support an intermediate CA. Some legacy systems may need updating.

Use the SSL Installation Checker
Once installed, use the SSL Installation Checker to verify your certificate is working correctly.

Renew with ServerTastic
You can renew your RapidSSL, Thawte, VeriSign or Geotrust certificate with ServerTastic even if you did not buy it from us originally.

More Tips?
If you have any other renewal tips, let us know!
