Renewing your Sectigo SSL certificate

 

Overview

Any Comodo certificate issued after January 2019 references Sectigo as the certificate authority, while any certificate issued prior to this date references Comodo. Both names refer to the same company.

The following describes how to renew professionally-signed SSL certificates purchased through Sectigo.

When should I renew my certificate?

If you use AutoPay and the domain on which you installed the Sectigo certificate is hosted at DreamHost, then the certificate will be auto-renewed. You do not need to renew it or re-enter any payment information when the certificate is due for renewal, as the renewal process will be handled for you.

See the Sectigo auto-renew section below for more information.

Make sure you renew the certificate BEFORE the expiration date. This ensures you do not lose any protection.

Please note that even if you renew before the expiration date, you do not lose any time on your current certificate that you've already paid for.

How to renew a certificate in the panel

Certificate Authorities typically send expiration/renewal reminders to the admin address anywhere from 30 to 90 days before the certificate’s expiration date. DreamHost sends SSL certificate renewal notices to the primary contact address of the account 35 days before the expiration date of the certificate.

There are several options to renew your Sectigo signed SSL certificate, which are described in the following sections.

Option 1 — Purchasing a renewal

Renewing your certificate in your panel is basically the same procedure as purchasing a new professionally-signed SSL certificate. See the following article for more information:

Renewing the certificate before its expiration date does not remove any time on your current certificate that you've already paid for. The new certificate will being to function once the current one expires.

Option 2 — Renewing your certificate in the panel (before it's expired)

To renew a Sectigo certificate (before it's expired) by clicking the Renew Certificate Now button in the panel.

This only appears within one month of the expiration date.

  1. Navigate to the Secure Certificates page.
  2. Click the Settings button to the right of your domain.
  3. Click the Renew Certificate Now button.
  4. Enter your personal and website information.
    • You must fill in ALL of the fields (including the 'Organization name') in order to successfully proceed to the next step. If you don't have an organization name, then enter your first and last name. 'Street 2' and 'Street 3' are optional fields—you can leave those blank if your address does not include any of this info (such as an apt. #).
    • This information is used to generate the Certificate Signing Request (CSR) that is used to generate your new professionally-signed SSL certificate.
    Click Proceed to Next Step when finished.
  5. On the next page, select one of your domain's emails from the dropdown list.

    Confirmation address

    This must be an email on your domain. Make sure one of the emails listed in that dropdown has been created on your domain and you are able to receive mail with it. If it does not exist, create this email first before continuing.

    Please note that the process to verify your domain using email is a last resort. This means you may never receive a confirmation email and the SSL will process correctly. However, it's possible you will receive an email if other DCV steps fail to verify. So it's still important to configure this email address. View the following article for further details:

  6. On the last page, choose how you'd like to pay. Your options are either credit card or electronic check.

    The panel will read ADD NEW CERTIFICATE even though you are still renewing the current certificate.

  7. When finished, click the Proceed to Next Step button.
  8. When finished entering your information, click the Place Certificate Order button.

Option 3 — Renewing your certificate in the panel (after it's expired)

  1. Navigate to the Secure Certificates page.
  2. Click the Settings button to the right of your domain.
  3. Under your expired domain, click the Renew Certificate Now button.
  4. Proceed through the steps (in Option 2) above to enter your personal and credit card information and place the new order.

Using the auto-renewal feature

DreamHost auto-renews your Sectigo certificate as long as the following criteria are met:

  • You've enabled AutoPay.
  • Your domain is hosted with DreamHost (i.e., the domain is listed in the panel and has its DNS pointed to DreamHost).

To verify if your domain is set up for auto-renewal, navigate to the Secure Certificates page and click the Settings button to the right of your domain:

Auto Renewal is enabled by default. To disable Auto Renewal, click the Turn Off Auto Renewal button.

Even if your certificate is set to auto-renew, you can renew your certificate in the panel if it's within a week of its expiration date. It won't prompt you for billing details since it knows that auto-pay is enabled. In the event that it fails the DNS validation check, this provides you with more time to manually verify the certificate.

If you need to make changes to a certificate that's set to auto-renew

In the event that you need to make changes to a certificate (e.g., contact details, email address, billing information), navigate to the Secure Certificates page and click the Settings button to the right of your domain:

Click the Add New Certificate button, which opens the Sectigo certificate signup page where you can purchase a new certificate that includes your updated information.

What if my Sectigo SSL certificate does not complete the renewal process?

There may be situations when your renewal does not complete, even though you renewed your Sectigo certificate in the panel. Typically this shows as 'Unknown' for the Expires value, which is usually due to a failure to respond to the request email sent to the Domain Control Validation (DCV) address you selected for this order.

You must respond to the email that is sent in order to successfully complete the renewal of the certificate.

If you did not receive the DCV email to confirm your SSL certificate order, then follow these steps to reissue a new email request:

  1. Navigate to the Secure Certificates page.
  2. Click the Settings button to the right of the domain.
  3. When the Settings page opens, click the Resend DCV button.
  4. Be sure to use a valid email address to send the order confirmation to.
    The DCV email is sent to the address you specified. Check your email, and then respond to the request. After the DCV email is confirmed, it can take up to an hour for the SSL certificate to become active.

Renewing your certificate with another Certificate Authority

If you wish to renew the certificate with another Certificate Authority (CA), you must create a Certificate Signing Request (CSR) file at DreamHost and use it to initiate the renewal process with them. View the following article for instructions on how to create this file:

See also

Did this article answer your questions?

Article last updated PST.

Still not finding what you're looking for?