Renewing your Sectigo SSL certificate

Overview

On November 1, 2018, Comodo announced that the company is rebranding to Sectigo. For more information about this, please see the following announcement at Sectigo's website:

Any Comodo certificate issued after January 2019 will reference Sectigo as the certificate authority, while any certificates issued prior to that will still reference Comodo. These are still the same company, and the only difference is the name.

The following describes how to renew professionally-signed SSL certificates purchased through Comodo/Sectigo.

When should I renew my certificate?

If you use AutoPay and the domain on which you installed the Comodo/Sectigo certificate is hosted at DreamHost, then the certificate will be auto-renewed. You do not need to renew it or re-enter any payment information when the certificate is due for renewal, as the renewal process will be handled for you.

See the Comodo/Sectigo auto-renew section below for more information.

Make sure you renew the certificate BEFORE the expiration date. This ensures you do not lose any protection.

Please note that even if you renew before the expiration date, you do not lose any time on your current certificate that you've already paid for.

How to renew a certificate in the panel

Certificate Authorities typically send expiration/renewal reminders to the admin address anywhere from 30 to 90 days before the certificate’s expiration date. DreamHost sends SSL certificate renewal notices to the primary contact address of the account 35 days before the expiration date of the certificate.

There are several options to renew your Comodo/Sectigo signed SSL certificate, which are described in the following sections.

Option 1 — Purchasing a renewal

Renewing your certificate in your panel is basically the same procedure as purchasing a new professionally-signed SSL certificate.

Renewing the certificate before its expiration date does not remove any time on your current certificate that you've already paid for. The new certificate will being to function once the current one expires.

Option 2 — Renewing your certificate in the panel (before it's expired)

To renew a Comodo/Sectigo certificate (before it's expired) by clicking the Renew Certificate Now button in the panel.

This only appears within one month of the expiration date.

  1. Navigate to the SSL/TLS Certificates page.
    renew comodo cert
  2. Click the Settings button to the right of your domain.
    renew comodo cert
  3. Click the Renew Certificate Now button.
  4. Enter your personal and website information.
    • You must fill in ALL of the fields (including the 'Organization name') in order to successfully proceed to the next step. If you don't have an organization name, then enter your first and last name. 'Street 2' and 'Street 3' are optional fields—you can leave those blank if your address does not include any of this info (such as an apt. #).
    • This information is used to generate the Certificate Signing Request (CSR) that is used to generate your new professionally-signed SSL certificate.
    Click Proceed to Next Step when finished.
  5. On the next page, select one of your domain's emails from the dropdown.

    Confirmation address

    This must be an email on your domain.Make sure one of the emails listed in that dropdown has been created on your domain and you are able to receive mail with it. If it does not exist, create this email first before continuing.

    Please note that the process to verify your domain using email is a last resort. This means you may never receive a confirmation email and the SSL will process correctly. However, it's possible you will receive an email if other DCV steps fail to verify. So it's still important to configure this email address. View the following article for further details:

  6. On the last page choose how you'd like to pay. Your options are either credit card or electronic check.
  7. When finished enter your information, click the Submit Payment Now button.

Option 3 — Renewing your certificate in the panel (after it's expired)

  1. Navigate to the SSL/TLS Certificates page.
    renew comodo cert
  2. Click the Settings button to the right of your domain.
    expired comodo cert
  3. Under your expired domain, click the Renew Certificate Now button.
  4. You can then proceed through the steps (in Option 2) above to enter your personal and credit card information and place the new order.

Using the auto-renewal feature

DreamHost auto-renews your Comodo/Sectigo certificate as long as the following criteria are met:

  • You've enabled AutoPay.
  • Your domain is hosted with DreamHost (i.e., the domain is listed in the panel and has its DNS pointed to DreamHost).

To verify if your domain is set up for auto-renewal, navigate to the SSL/TLS Certificates page and click the Settings button to the right of your domain:

2019-09_panel_comodo_auto-renew-off

Auto Renewal is enabled by default. To disable Auto Renewal, click the Turn Off Auto Renewal button.

Even if your certificate is set to auto-renew, you can renew your certificate in the panel if it's within a week of its expiration date. It won't prompt you for billing details since it knows that auto-pay is enabled. In the event that it fails the DNS validation check, this provides you with more time to manually verify the certificate.

If you need to make changes to a certificate that's set to auto-renew

In the event that you need to make changes to a certificate (e.g., contact details, email address, billing information), navigate to the SSL/TLS Certificates page and click the Settings button to the right of your domain:

2019-09_panel_comodo_add-new-cert

Click the Add New Certificate button, which opens the Comodo/Sectigo certificate signup page where you can purchase a new certificate that includes your updated information.

What if my Comodo/Sectigo SSL certificate does not complete the renewal process?

There may be situations when your renewal does not complete, even though you renewed your Comodo/Sectigo certificate in the panel. Typically this shows as 'Unknown' for the Expires value, which is usually due to a failure to respond to the request email sent to the Domain Control Validation (DCV) address you selected for this order.

You must respond to the email that is sent in order to successfully complete the renewal of the certificate.

If you did not receive the DCV email to confirm your SSL certificate order, then follow these steps to reissue a new email request:

  1. Navigate to the SSL/TLS Certificates page.
  2. Click the Settings button to the right of the domain.
  3. When the Settings page opens, click the Resend DCV button.
  4. Be sure to use a valid email address to send the order confirmation to.
    The DCV email is sent to the address you specified. Check your email, and then respond to the request. After the DCV email is confirmed, it can take up to an hour for the SSL certificate to become active.

Renewing your certificate with another Certificate Authority

If you wish to renew the certificate with another Certificate Authority (CA), you can simply copy the Certificate Signing Request (CSR) that's currently in your panel and use it to initiate the renewal process with them. You can access your CSR by following the instructions described in the following article:

If you cannot find an available Certificate Signing Request in the panel for the domain/subdomain, please see the Generating or Regenerating a CSR article instructions on how to replace it.

See also

 

Did this article answer your questions?

Article last updated PST.