Reissuing a certificate means the certificate is issued again, (well) before its expiration date. The duration of the certificate remains the same, unless it has a term longer than 27 months after March 1 2018 at the moment of reissue.
As of 1 March, the maximum duration of SSL certificates is 825 days (approximately 27 months). If you re-issue after this date, the remaining term is limited to a maximum of 825 days. Any lost term can be compensated at a later stage with a free replacement certificate.
What is not Possible?
- It's not possible to change the expiration date, certificate type, domainname (CN) or company data by reissuing it.
- It's not possible to reissue an email signature. The only solution here is to apply for a new signature.
What is Possible?
- Reissue a certificate based on the same data.
- It is possible to change or add Subject Alternative Names (SAN's) to a multi-domain certificate (all brands). In this case you enter the current domains as well as the new domains. Only the newly added domains will be charged.
- Upgrade a SHA-1 certificate to a SHA-2 certificate.
- Create a new CSR
- Apply for a reissue by:
- Creating a new certificate application while logged into the account used to apply for the current certificate. The system will notice that the certificate has already been issued for your web server and process the application as a reissue.
- Log onto the Control Panel, find the certificate you wish to reissue and click the option Reissue.
- Install the new certificate.
Note: If you apply for a reissue within 90 days before expiration, we'll contact you to check whether you want to renew or reissue the certificate.
A certificate reissue is free of charge. In case of a multi-domain certificate, a reissue is free of charge as long as the number of (sub) domains included in the certificate remains the same. For adding additional (sub) domains to the certificate, the standard cost per domain for the remaining validity of the certificate will be charged.
- You have a Sectigo (Comodo) multi-domain, valid for two years, in which three domains have been included.
- You do a reissue to alter one of the domains (SAN) included. You won't receive an invoice because the number of domains haven't changed.
- Half way through the first year, you wish to have the certificate reissued and add one additional domain to the certificate. For including the fourth domain, you will receive a bill for the remaining year the certificate will be valid.
There can be several reasons to reissue a certificate:
- The private key of your certificate is in the possession of an unauthorized party. To prevent abuse a reissue is advisable.
- You are switching to a new provider or server and it is not possible to export the certificate and private key from the old environment.
- You have lost your certificate, possibly because of a server crash.
- You have a multi-domain, and want to add or change the domains included in it.
Note: After a reissue the old certificate will not be revoked automatically. If you want to revoke the certificate, please send a request to firstname.lastname@example.org
Checks for a reissue
- For a reissue based on an new CSR a new domain validation will be performed.
- As long as the private key doesn't change when extending a multidomain certificate with a reissue, it won't be necessary to re-validate the current domains. Domain validation will only be done for the new domains. For safety reasons it's advisable to use new key material for a reissue.
- When adding extra domains to an EV certificates, all checks will be performed again.