You may find that you need to reissue your RapidSSL certificate for numerous reasons during its operational lifespan. Whether you are troubleshooting a technical error or updating your security posture, this short tutorial will go through how to do it hassle-free, ensuring your website remains secure and trusted by browsers.
Security is a dynamic field, and maintaining a valid SSL/TLS configuration is critical for any online presence. Some of the most common reasons that can cause you to reissue your SSL certificate include:
- Private Key Compromise: If your private keys are lost or accessed by unauthorized parties, you must reissue immediately to maintain security.
- SANs Modification: When you are adding or removing Subject Alternative Names (SANs) to cover different domains or subdomains.
- Industry Updates: Compliance with new security standards or CA/Browser Forum requirements.
- Hashing Algorithm Changes: Upgrading from older, less secure algorithms to modern standards like SHA-256.
- Server Migration: Moving your website between different different types of servers often requires a new CSR and certificate reissuance.
- Information Updates: If your organizational details or common name change.
The best thing is that it won't cost you anything to reissue the SSL during the certificate's active timespan. To successfully reissue a RapidSSL Certificate and ensure your VPS hosting environment remains protected, perform the following detailed steps.
π Step 1: Generate a Certificate Signing Request (CSR)
First, you must generate a new Certificate Signing Request (CSR) from your server. For technical assistance with generating your CSR across various platforms, please click here. To ensure maximum encryption strength and be secure, we strictly recommend using at least a 2048-bit key size.
Note: If you generate a new CSR, make sure you save your Private Key in a safe and secure place. You will need this specific key to install the re-validated certificate on your server later. Losing the private key will render the reissued certificate unusable.
π Step 2: Access the RapidSSL User Portal
Once your CSR is ready, you need to access the RapidSSL User Portal managed by DigiCert. Click on the link below and follow the authentication instructions mentioned in the portal. https://www.digicert.com/account/login.php
π Step 3: Navigate to Your Orders
Log in to your CertCentral account. Once you are on the main dashboard, look at the sidebar or top navigation menu and click on Certificates > Orders. This will display a list of all your active and past certificate purchases.
π Step 4: Locate the Specific Certificate
You can find the specific RapidSSL certificate you wish to reissue on the orders page. You can use the search bar or filter by expiration date. Once located, click the Quick View link associated with that order to open the certificate details.
π Step 5: Initiate the Reissue Process
Review the certificate details to ensure it is the correct one. On the right side of the page, you will see the Reissue Certificate section; click it to start the automated workflow.
π Step 6: Add Your New CSR
On the "Reissue Certificate for Order" page, you must provide the CSR you generated in Step 1. Use one of the following two options to add your CSR:
- Click to upload a CSR: Use this link to browse your computer and upload your saved CSR file directly to the Add Your CSR box.
- Paste CSR: Use a text editor (like Notepad or TextEdit) to open your CSR file. Copy the entire block of text, including the
-----BEGIN NEW CERTIFICATE REQUEST-----and-----END NEW CERTIFICATE REQUEST-----tags, and paste it into the provided field.
π Step 7: Verify the Common Name
The system will automatically extract the common name (domain name) from your uploaded CSR. We take the common name in your CSR and add it to the Common Name field. Double-check that this matches the domain you intend to secure.
π Step 8: Select the Payment Method (If Applicable)
In most cases, a reissue is free. However, if you added additional SANs to the reissued order that were not part of the original purchase, you should select the payment method under the Payment Information section. You could skip this step entirely if no new SANs were added.
π Step 9: Select the Signature HASH
Choose the hashing algorithm for your certificate. Please note that SHA-256 is currently the only signature hash available and supported for Domain Validated (DV) certificates due to its high security standards.
π Step 10: Select the DCV Method
You must prove that you own the domain. In the Domain Control Validation (DCV) verification method drop-down list, choose the method you want to use. Common methods include:
- Email Validation: Receiving a code via an authorized domain email.
- DNS TXT Record: Adding a specific record to your DNS settings.
- HTTP Practical Demonstration: Uploading a file to your web server.
π Step 11: Provide the Reissue Reason
As a final administrative requirement, add the reason for the reissue of the SSL certificate (e.g., "Server migration" or "Key compromise") in the text box provided.
π Step 12: Submit the Request
Review all the entered information one last time. Click on Request Reissue to get the SSL reissue request sent to the Certificate Authority for approval.
β Conclusions
When you request a certificate to be re-issued, the issuing certificate authority (CA) must go through the validation process again to ensure the security of the web ecosystem. The good news is that if they have already completed this process for your order previously, the re-validation typically goes very quickly and smoothly.
However, if you are reissuing a type of certificate that requires a final verification call (such as OV or EV certificates), the CA will need to perform that identity verification call again. Keep an ear out for that call; contact the support department or the CA if you don't receive it within 24 hours.
Note on Common Errors: If you encounter issues during this process, such as the ERR_SSL_PROTOCOL_ERROR, it may indicate a mismatch between your certificate and the server configuration. Always ensure your web server, whether it's a Windows VPS or Linux server, is correctly pointed to the new certificate files.
IMPORTANT NOTE: If the Reissue option is not available or appears disabled in your portal, please contact the Customer Support Department to request a manual re-issuance.
Email: orderprocessing@rapidssl.com
After you complete the validation process and have received the reissued SSL Certificate via email or download, you can proceed to install the new certificate on your server. Proper installation is the final step in securing your traffic and protecting your users' data.
π SSL Reissue Quick Reference Table
| Feature | Requirement | Notes |
| Cost | $0 (Free) | Unlimited reissues during the certificate term. |
| New CSR | Mandatory | Always generate a fresh 2048-bit CSR. |
| Validation | Required | Domain validation (DCV) must be repeated. |
| Timeframe | Minutes to Hours | DV certificates are usually reissued instantly after DCV. |
People also read:
Leave A Comment