Overview
This article describes two options to renew a professionally-signed SSL certificate purchased through Sectigo.
Please note that even if you renew before the expiration date, you do not lose any time on your current certificate that you've already paid for.
Make sure you renew the certificate BEFORE the expiration date. This ensures you do not lose any protection. Renewal notices are sent in the following time frames.
- DreamHost: Renewal notices are sent to the primary contact address of the account 35 days before the expiration date.
- Certificate Authorities: These companies typically send expiration/renewal reminders to the certificate's admin address 30 to 90 days before the certificate’s expiration date.
Create a confirmation email address
During the process of purchasing an SSL certificate, you will be asked for a confirmation email address on your domain. For example: admin@example.com.
Before continuing, make sure an address has been created on your domain and you are able to receive mail with it.
Option 1 — Manually renew in the panel
You can manually renew a certificate in the panel before or after it is expired.
This option appears one month before the expiration date.
- Navigate to the Secure Certificates page.
- Click the Settings button to the right of your domain.
- Click the Renew Certificate Now button.
- Enter your personal and website information.
- You must fill in ALL of the fields in order to generate your new professionally-signed SSL certificate.
- If you don't have an 'organization name', then enter your first and last name.
- 'Street 2' and 'Street 3' are optional fields—you can leave those blank if your address does not include any of this info (such as an apt. #).
- Click Proceed to Next Step when finished.
- On the next page, select one of your domain's emails from the dropdown list.
Confirmation address
This must be an email on your domain. Make sure one of the emails listed in that dropdown has been created on your domain and you are able to receive mail with it. If it does not exist, create this email first before continuing.
Please note that the process to verify your domain using email is a last resort. This means you may never receive a confirmation email and the SSL will process correctly. However, it's possible you will receive an email if other DCV steps fail to verify. So it's still important to configure this email address. View the following article for further details:
- On the last page, choose how you'd like to pay. Your options are either credit card or electronic check.
The panel will read ADD NEW CERTIFICATE even though you are still renewing the current certificate.
- When finished, click the Proceed to Next Step button.
- When finished entering your information, click the Place Certificate Order button.
Option 2 — Use the auto-renew service
DreamHost auto-renews your Sectigo certificate as long as the following criteria are met:
- You've enabled AutoPay.
- Your domain is hosted with DreamHost (i.e., the domain is listed in the panel and has its DNS pointed to DreamHost).
To verify if your domain is set up for auto-renewal, navigate to the Secure Certificates page and click the Settings button to the right of your domain.
Even if your certificate is set to auto-renew, you can renew it in the panel within a week of its expiration date. It won't prompt you for billing details since it knows that auto-pay is enabled. In the event that it fails the DNS validation check, this provides you with more time to manually verify the certificate.
Change contact details of a certificate
In the event that you need to make changes to a certificate (e.g., contact details, email address, billing information), you can do so by purchasing a new certificate in the panel.
- Navigate to the Secure Certificates page.
- Click the Settings button to the right of your domain.
- Click the Add New Certificate button.
- The Sectigo certificate signup page opens where you can purchase a new certificate with your updated information.
Troubleshooting
What if my Sectigo SSL certificate does not complete the renewal process?
There may be situations when your renewal does not complete, even though you renewed your Sectigo certificate in the panel. Typically this shows as 'Unknown' for the Expires value, which is usually due to a failure to respond to the request email sent to the Domain Control Validation (DCV) address you selected for this order.
You must respond to the email that is sent in order to successfully complete the renewal of the certificate.
If you did not receive the DCV email to confirm your SSL certificate order, then follow these steps to reissue a new email request:
- Navigate to the Secure Certificates page.
- Click the Settings button to the right of the domain.
- When the Settings page opens, click the Resend DCV button.
- Be sure to use a valid email address to send the order confirmation to.
- The DCV email is sent to the address you specified. Check your email, and then respond to the request. After the DCV email is confirmed, it can take up to an hour for the SSL certificate to become active.
Renewing your certificate with another Certificate Authority
If you wish to renew the certificate with another Certificate Authority (CA), you must create a Certificate Signing Request (CSR) file at DreamHost and use it to initiate the renewal process with them. View the following article for instructions on how to create this file: