By default, an official SSL certificate is valid for 397 days. If a certificate expires, your website becomes inaccessible, and other potential business risks may occur. We recommend that you pay attention to the validity period of your certificate and renew the certificate before it expires. This topic describes the conditions and process for certificate renewal. This topic describes also describes the operations that can be performed after renewal.
Renewal
If your certificate has expired, you cannot renew the certificate. You must purchase a new certificate. For more information, see Purchase SSL certificates.
After a certificate is renewed, the new certificate is independent of the original certificate. You must submit an application for the new certificate and install the new certificate after it is issued.
Remaining validity period
In most cases, the remaining validity period of an original certificate can be carried over to the new certificate. For example, a certificate expires on August 1, 2024. If the certificate is renewed and the new certificate is issued on July 20, 2024, the validity period of the new certificate starts on July 20, 2024 and ends on August 1, 2025.
The remaining validity period of a certificate that you renew cannot be carried over to the new certificate in the following scenarios:
The specifications of the new certificate are different from the specifications of the original certificate. The specifications include Domain Type, Certificate Type, and Brand.
The original certificate is a third-party certificate that is uploaded.
The original certificate has expired and the new certificate is newly purchased.
Prerequisites
The remaining validity period of your certificate is less than 30 calendar days. The Renewal purchase button is displayed for a certificate only within 30 calendar days before the certificate expires.
The certificate is issued by GlobalSign.
Procedure
Log on to the Certificate Management Service console.
In the left-side navigation pane, choose .
On the SSL Certificate Management page, click the Official Certificate or Manage Uploaded Certificates tab, and select Pending Expiration from the certificate status drop-down list.
In the certificate list, find the certificate that you want to renew, click Renewal purchase in the Actions column, and then follow the instructions to complete the payment.
The system automatically specifies the same parameter values for the new certificate as those of the certificate you want to renew. You do not need to modify the values. After the certificate is renewed, the new certificate appears below the original certificate that is about to expire. The icon is displayed to the left of the new certificate. The icon indicates that the new certificate is associated with the original certificate. The validity period of the original certificate remains unchanged.
The new certificate is in the Pending Application state. You must perform operations, such as submitting an application for the new certificate and cooperating with the certificate authority (CA) staff, to complete the verification of domain name ownership and the review of application materials. After the CA approves the certificate application, the CA issues the new certificate. For more information, see Apply for a certificate.
NoteIf Not Activated is displayed in the Status column for a new certificate, the new certificate is hosted. If the validity period of the original certificate is less than 30 days, the system submits an application for the new certificate. To prevent your business from being affected due to an application failure, you must cooperate with the CA staff to complete the certificate application. If a certificate in the Not Activated state is canceled, the consumed certificate quota is returned.
References
For more information about how to submit a certificate application for a new certificate, see Apply for a certificate.
For more information about how to deploy a new certificate to your Alibaba Cloud service or install the certificate on your web server after the certificate is issued, see Installation overview.