When protecting your website from virtual threats, there are nice-to-haves and there are must-haves. SSL encryption is, without a doubt, in the latter category.

SSL (and its successor, TLS) encrypts the connectedness between your web server and those accessing your website. This fashion, if your connectedness is intercepted by a bad role player, they won't be able to view or alter whatever information transferred betwixt the two computers.

SSL/TLS protection is expected from all websites today, and so much and so that many web hosting services include a basic SSL certificate for gratis with the buy of a plan. Yous tin likewise easily purchase and install an SSL certificate yourself, or acquire i for free.

However, cybersecurity is never a one-and-washed process — it's a persistent effort to harden your website and protect your users. Every bit such, SSL certificates don't final forever. Subsequently a certain menses, you'll have to install a new one to maintain the same protection. In this mail, we'll show you lot how to do so yourself.

Download Now: Free Intro Guide to HTML & CSS

Why do I need to renew my SSL certificate?

Well-nigh SSL certificates elapse after one to two years, depending on the blazon of document you're using and your certificate authority (CA), the organization that issued your SSL document. A notable exception to this is the pop CA Let's Encrypt, whose certificates expire subsequently 90 days.

When your SSL document expires, it's out of commission — you can't "extend" it. Instead, you lot'll demand to replace it with a new SSL certificate, besides called a "renewal" SSL certificate. In that location are two main reasons why SSL certificates must exist replaced at least every two years:

  • A new certificate ensures that the encryption used is up to the latest security standards.
  • Information technology's more difficult for hackers to compromise a key if it's continually replaced.

Beyond these practical reasons, there's another big incentive to update your SSL encryption: Your visitors will know if your website uses an expired SSL certificate. When they try to load your site, they might see a warning similar this:

a warning screen in google chrome indicating that a website's SSL certificate is expired

Image Source

If you desire visitors to head somewhere else, this is a great way to practice information technology. Otherwise, make sure that y'all renew your SSL certificate when you tin can — it keeps your site protected and your visitors happy.

How to Renew an SSL Certificate

  1. Set reminders for SSL expiration.
  2. Generate a Certificate Signing Request.
  3. Buy and activate your new SSL certificate.
  4. Complete domain control validation.
  5. Install your new SSL document.

Offset things outset: If your CA, hosting provider, or website builder offers automatic updates for your SSL document, let it handle this process for you. It'south one less thing for you lot to worry about, and eliminates the risk of your certificate expiring on your live site. For, CMS Hub users, your SSL certificate volition be automatically renewed 30 days before it expires.

If automatic renewals aren't bachelor to you, or if you'd prefer to complete the procedure manually, information technology's easy to supersede your SSL certificate when the time comes.

The exact steps will depend on your SSL certificate provider, so consult your provider's documentation for SSL and contact support if needed. However, the process beyond providers is similar. Below, we'll explain the general steps to keep your SSL certificate up to appointment. Information technology doesn't matter if your SSL certificate is all the same valid or if information technology has already expired — the process is the aforementioned.

1. Set reminders for SSL expiration.

Almost document providers can send e-mail alerts reminding you when your document is soon to expire. These emails link direct to the page where you lot tin can purchase a renewal certificate.

Before you demand to update your certificate, enable these e-mail alerts, and complete the renewal procedure when you lot showtime seeing them in your inbox. Avoid putting off your renewal, every bit requests for more expensive certificates may have a week or more to corroborate and exit you lot temporarily without SSL protection.

2. Generate a Certificate Signing Request.

A Certificate Signing Asking (CSR) is a unique, encrypted block of text containing data virtually your site that the CA needs to issue a new SSL certificate. Information technology includes your domain proper name, your organization name, and geographic information. Your CSR will expect something like this:

a CSR code for renewing an SSL certificate

Paradigm Source

You lot must generate a new CSR to renew your SSL document — an old CSR won't work. Depending on your host, you may exist able to generate your CSR with your hosting ambassador panel. Try looking under your Security menu for an SSL/TLS pick. Here, you may see a prompt to generate a CSR.

If you exercise not have access to this pick, reach out to your hosting provider for a CSR.

3. Purchase and activate your new SSL certificate.

With your CSR generated, you can now buy a new SSL certificate from your CA or another provider of selection. Follow the prompts and supply all the requested data, including the CSR you acquired in the previous step.

4. Consummate domain control validation.

Activating your SSL certificate doesn't protect your site but yet. There'southward another validation stride before your new certificate tin can take effect.

Domain control validation (DCV) is ane more protective measure out taken by your CV to ensure that you are who y'all say you are, and that you lot own the domain you're requesting protection for.

Your CA will offer multiple ways to confirm your identity, just almost volition offer an selection to validate via email. With this method, you lot'll receive an email at the address linked to your website. Follow the instructions in the email to complete DCV.

Annotation that owners of arrangement validated certificates and extended validated certificates volition need to submit additional documents to consummate validation.

5. Install your new SSL certificate.

Once your DCV is consummate, you'll receive your SSL certificate files. Based on your certificate type, validation could accept anywhere from an hour to several weeks — plan your renewal accordingly.

If you're requesting a new certificate from your host, your certificate should be added to your site automatically. If not, refer to your server's documentation for uploading and placing your SSL certificate on your server. Then, check all of your pages for "https" in the URL and the padlock icon in the browser bar.

Security updates are abrasive. Practice them anyway.

SSL encryption renewal is one of those tasks that appears every one or two years and can easily slip through the cracks if y'all're not paying attending.

That's why information technology'south all-time to enable automatic renewals if you can. If not at to the lowest degree opt into email notifications and supersede your certificate as soon as possible. When it's time, the process shouldn't take long, and is more than worth information technology for the manufacture-standard protection you lot receive.

New Call-to-action

css introduction

Originally published Mar 10, 2021 seven:00:00 AM, updated March 25 2022