- Release Notes
- Announcements
- Price Change to DigiCert SSL Certificates
- TrustAsia Root Certificate Update
- Domain Validation Policy Update
- SSL Certificate Service Console
- Multi-Year SSL Certificate and Automatic Review
- Notice on Stopping the Issuance of 2-Year SSL Certificates by CAs Starting from September 1, 2020
- Announcement on Stop Using the Symantec SSL Certificate Name After 30 April 2020
- Notice on Certificate Revocation Due to Private Key Compromises
- Notice on Application Limits for DV SSL Certificates
- Notice on Adjustment of Free SSL Certificates Policy
- Let's Encrypt Root Certificate Expired on September 30, 2021
- Product Introduction
- Purchase Guide
- Getting Started
- Certificate Application
- Domain Ownership Validation
- Operation Guide
- Certificate Installation
- Installing an SSL Certificate on a Tencent Cloud Service
- Installation of International Standard Certificates
- Installing an SSL Certificate on an Nginx Server
- Installing an SSL Certificate on an Apache Server (Linux)
- Installing an SSL Certificate on an Apache Server (Windows)
- Installing an SSL Certificate (JKS Format) on a Tomcat Server (Linux)
- Installing an SSL Certificate (JKS Format) on a Tomcat Server
- Installing an SSL Certificate (PFX Format) on a Tomcat Server
- Installing an SSL Certificate on a GlassFish Server
- Installing an SSL Certificate on a JBoss Server
- Installing an SSL Certificate on a Jetty Server
- Installing an SSL Certificate on an IIS Server
- Installing a Certificate on WebLogic Servers
- Selecting an Installation Type for an SSL Certificate
- Certificate Management
- Tencent Cloud Certificate Benefit Point Package Management
- Uploading (Hosting) an SSL Certificate
- Reminding Reviewers to Review an SSL Certificate Application
- Revoking an SSL Certificate
- Deleting an SSL Certificate
- Reissuing an SSL Certificate
- Ignoring SSL Certificate Notifications
- Customizing SSL Certificate Expiration Notifications
- API Documentation
- History
- Introduction
- API Category
- Making API Requests
- Certificate APIs
- CancelAuditCertificate
- CreateCertificate
- DescribeHostUpdateRecord
- DescribeHostUpdateRecordDetail
- ModifyCertificateResubmit
- UpdateCertificateInstance
- UpdateCertificateRecordRetry
- UpdateCertificateRecordRollback
- CreateCertificateBindResourceSyncTask
- DescribeCertificateBindResourceTaskDetail
- DescribeCertificateBindResourceTaskResult
- UploadConfirmLetter
- DescribeHostTeoInstanceList
- UploadCertificate
- SubmitCertificateInformation
- ReplaceCertificate
- ModifyCertificateProject
- ModifyCertificateAlias
- DownloadCertificate
- DescribeCertificates
- DescribeCertificateOperateLogs
- DescribeCertificateDetail
- DescribeCertificate
- DeleteCertificate
- CommitCertificateInformation
- CancelCertificateOrder
- ApplyCertificate
- CSR APIs
- Data Types
- Error Codes
- Practical Tutorial
- Automatic Solution for Implementing and Issuing Multi-Year Certificates and Binding Resources
- Apple ATS Server Configuration
- Quickly Applying for a Free SSL Certificate via DNSPod
- Enabling Tencent Cloud DDNS and Installing Free Certificates for Synology NAS
- Batch Applying for and Downloading Free Certificates Using Python-based API Calls
- Profile Management
- Troubleshooting
- Domain Validation Failed
- Domain Security Review Failed
- Website Inaccessible After an SSL Certificate is Deployed
- 404 Error After the SSL Certificate is Deployed on IIS
- “Your Connection is Not Secure” is Displayed After the SSL Certificate is Installed
- Message Indicating Parsing Failure Is Displayed When a Certificate Is Uploaded
- Automatic DNS Validation Failed for a Domain Hosted with www.west.cn
- Host Name Field Cannot Be Edited in IIS Manager When Type Is Set to https
- Message Indicating Intermediate Certificates Missing in Chain Is Displayed When a Free SSL Certificate Is Deployed on IIS
- FAQs
- SSL Certificate Selection
- SSL Certificate Application
- Quota of Free SSL Certificates
- How to Fill In the Domains Bound to an SSL Certificate During the Application?
- Wildcard SSL Certificates
- Why Does the Order Status Not Changed After a Notification Email Is Received from a CA?
- Can the TXT Records for Domain Name Resolution Configured in the Certificate Be Deleted?
- What Is CSR?
- How Do I Make a CSR File?
- What Is Private Key Password?
- Forgot Your Private Key Password?
- Can an SSL Certificate Be Revoked?
- What are the differences between RSA and ECC?
- What Should I Do If the Console Prompts That "The Certificate Is Bound to Tencent Cloud Resources and Cannot Be Revoked" When I Submit an SSL Certificate Revocation Application?
- What’s the Difference Between Certificate Reissue and Reapplication?
- Which SSL Certificate Types Are Supported for Mini Programs?
- SSL Certificate Management
- SSL Certificate Installation
- What Should I Do If the Host Name Field Is Uneditable in the IIS Manager?
- How Do I Enable Port 443 for a Server?
- Why Does the Website Prompt “Connection Is Untrusted"?
- How Do I Install OpenSSL?
- How Can I Set TLS Versions for SSL Certificates?
- How Can I Combine an SSL Certificate Chain?
- Can Tencent Cloud SSL Certificates Be Used for WebSocket?
- How Do I Enable the IIS Service?
- What Should I Do If I Am Prompted That HTTPS Is Not Secure After Reapplying for Deployment upon Expiration of the SSL Certificate?
- SSL Certificate Region
- SSL Certificate Review
- SSL Certificate Taking Effect
- Is the Original SSL Certificate Still Valid After the Server IP Address Is Changed?
- How Do I Check in a Browser Whether an SSL Certificate Has Taken Effect?
- What Should I Do If GlobalSign Certificates Are Not Supported in Windows 7?
- What Should I Do If the Issue of a Free SSL Certificate Takes Too Long or Failed?
- SSL Certificate Billing and Purchase
- SSL Certificate Validity Period
- SSL Service Level Agreement
- Contact Us
- Glossary
- Release Notes
- Announcements
- Price Change to DigiCert SSL Certificates
- TrustAsia Root Certificate Update
- Domain Validation Policy Update
- SSL Certificate Service Console
- Multi-Year SSL Certificate and Automatic Review
- Notice on Stopping the Issuance of 2-Year SSL Certificates by CAs Starting from September 1, 2020
- Announcement on Stop Using the Symantec SSL Certificate Name After 30 April 2020
- Notice on Certificate Revocation Due to Private Key Compromises
- Notice on Application Limits for DV SSL Certificates
- Notice on Adjustment of Free SSL Certificates Policy
- Let's Encrypt Root Certificate Expired on September 30, 2021
- Product Introduction
- Purchase Guide
- Getting Started
- Certificate Application
- Domain Ownership Validation
- Operation Guide
- Certificate Installation
- Installing an SSL Certificate on a Tencent Cloud Service
- Installation of International Standard Certificates
- Installing an SSL Certificate on an Nginx Server
- Installing an SSL Certificate on an Apache Server (Linux)
- Installing an SSL Certificate on an Apache Server (Windows)
- Installing an SSL Certificate (JKS Format) on a Tomcat Server (Linux)
- Installing an SSL Certificate (JKS Format) on a Tomcat Server
- Installing an SSL Certificate (PFX Format) on a Tomcat Server
- Installing an SSL Certificate on a GlassFish Server
- Installing an SSL Certificate on a JBoss Server
- Installing an SSL Certificate on a Jetty Server
- Installing an SSL Certificate on an IIS Server
- Installing a Certificate on WebLogic Servers
- Selecting an Installation Type for an SSL Certificate
- Certificate Management
- Tencent Cloud Certificate Benefit Point Package Management
- Uploading (Hosting) an SSL Certificate
- Reminding Reviewers to Review an SSL Certificate Application
- Revoking an SSL Certificate
- Deleting an SSL Certificate
- Reissuing an SSL Certificate
- Ignoring SSL Certificate Notifications
- Customizing SSL Certificate Expiration Notifications
- API Documentation
- History
- Introduction
- API Category
- Making API Requests
- Certificate APIs
- CancelAuditCertificate
- CreateCertificate
- DescribeHostUpdateRecord
- DescribeHostUpdateRecordDetail
- ModifyCertificateResubmit
- UpdateCertificateInstance
- UpdateCertificateRecordRetry
- UpdateCertificateRecordRollback
- CreateCertificateBindResourceSyncTask
- DescribeCertificateBindResourceTaskDetail
- DescribeCertificateBindResourceTaskResult
- UploadConfirmLetter
- DescribeHostTeoInstanceList
- UploadCertificate
- SubmitCertificateInformation
- ReplaceCertificate
- ModifyCertificateProject
- ModifyCertificateAlias
- DownloadCertificate
- DescribeCertificates
- DescribeCertificateOperateLogs
- DescribeCertificateDetail
- DescribeCertificate
- DeleteCertificate
- CommitCertificateInformation
- CancelCertificateOrder
- ApplyCertificate
- CSR APIs
- Data Types
- Error Codes
- Practical Tutorial
- Automatic Solution for Implementing and Issuing Multi-Year Certificates and Binding Resources
- Apple ATS Server Configuration
- Quickly Applying for a Free SSL Certificate via DNSPod
- Enabling Tencent Cloud DDNS and Installing Free Certificates for Synology NAS
- Batch Applying for and Downloading Free Certificates Using Python-based API Calls
- Profile Management
- Troubleshooting
- Domain Validation Failed
- Domain Security Review Failed
- Website Inaccessible After an SSL Certificate is Deployed
- 404 Error After the SSL Certificate is Deployed on IIS
- “Your Connection is Not Secure” is Displayed After the SSL Certificate is Installed
- Message Indicating Parsing Failure Is Displayed When a Certificate Is Uploaded
- Automatic DNS Validation Failed for a Domain Hosted with www.west.cn
- Host Name Field Cannot Be Edited in IIS Manager When Type Is Set to https
- Message Indicating Intermediate Certificates Missing in Chain Is Displayed When a Free SSL Certificate Is Deployed on IIS
- FAQs
- SSL Certificate Selection
- SSL Certificate Application
- Quota of Free SSL Certificates
- How to Fill In the Domains Bound to an SSL Certificate During the Application?
- Wildcard SSL Certificates
- Why Does the Order Status Not Changed After a Notification Email Is Received from a CA?
- Can the TXT Records for Domain Name Resolution Configured in the Certificate Be Deleted?
- What Is CSR?
- How Do I Make a CSR File?
- What Is Private Key Password?
- Forgot Your Private Key Password?
- Can an SSL Certificate Be Revoked?
- What are the differences between RSA and ECC?
- What Should I Do If the Console Prompts That "The Certificate Is Bound to Tencent Cloud Resources and Cannot Be Revoked" When I Submit an SSL Certificate Revocation Application?
- What’s the Difference Between Certificate Reissue and Reapplication?
- Which SSL Certificate Types Are Supported for Mini Programs?
- SSL Certificate Management
- SSL Certificate Installation
- What Should I Do If the Host Name Field Is Uneditable in the IIS Manager?
- How Do I Enable Port 443 for a Server?
- Why Does the Website Prompt “Connection Is Untrusted"?
- How Do I Install OpenSSL?
- How Can I Set TLS Versions for SSL Certificates?
- How Can I Combine an SSL Certificate Chain?
- Can Tencent Cloud SSL Certificates Be Used for WebSocket?
- How Do I Enable the IIS Service?
- What Should I Do If I Am Prompted That HTTPS Is Not Secure After Reapplying for Deployment upon Expiration of the SSL Certificate?
- SSL Certificate Region
- SSL Certificate Review
- SSL Certificate Taking Effect
- Is the Original SSL Certificate Still Valid After the Server IP Address Is Changed?
- How Do I Check in a Browser Whether an SSL Certificate Has Taken Effect?
- What Should I Do If GlobalSign Certificates Are Not Supported in Windows 7?
- What Should I Do If the Issue of a Free SSL Certificate Takes Too Long or Failed?
- SSL Certificate Billing and Purchase
- SSL Certificate Validity Period
- SSL Service Level Agreement
- Contact Us
- Glossary
Overview
This document describes how to reissue an SSL certificate, in case your certificate key has been compromised, or you need to generate a new certificate due to other reasons.
Note:
Certificate reissue is available only if your certificate has been issued and will expire in more than 30 days.
Each free DV certificate can be reissued only once.
If the certificate of a subdomain under a primary domain is being reissued, certificates of other subdomains under this primary domain cannot be reissued at the same time.
In the reissue process, the reissue feature of the certificate is disabled, and you cannot apply for a reissue for this certificate again.
Certificate reissue will not renew the certificate. In other words, the validity period will be the same as the original one.
Prerequisites
Directions
Selecting the certificate to be reissued
1. Go to the My Certificates page, select the target certificate, and click More > Reissue.
2. Go to the Certificate Reissue Application page and verify your certificate or submit the required information based on your certificate type. For more information, see Reissuing different types of certificates.
Reissuing different types of certificates
WoTrus/DNSPod (OV/EV)
Reissuing WoTrus international standard certificates and DNSPod Chinese SM (SM2) OV/EV certificates
1. On the Certificate re-issuance application page, select a CSR algorithm, enter and confirm the configurations, and click **Next.
Using the CSR of the original certificate: Use the CSR of the original certificate.
Generating a CSR online: Generate and manage the CSR by Tencent Cloud SSL Certificate Service.
Using an existing CSR: Paste the content of an existing CSR to the certificate.
Binding the certificate to a domain: Enter a single domain, such as
tencent.com or ssl.tencent.com.Selecting an algorithm: Select the encryption algorithm for the certificate to be reissued.
Key length: Select the key length for the certificate to be reissued.
Private key password: To ensure the security of your private key, password recovery is NOT supported, so keep the password in mind.
Note:
If you need to deploy the SSL certificate to Tencent Cloud services such as CLB and CDN, do not enter the private key password.
Reissue reason: Enter the reissue reason in brief.
2. In the pop-up window, click Confirm.
3. Validate the domain ownership on the “Domain Ownership Validation” page, and click Validate Now after operations are completed.
4. After your domain is validated, wait for manual approval, upon which the certificate will be reissued. For more information on how to validate a domain, see Domain Validation Guide.
Note:
If you have successfully applied for this certificate and the organization information submitted in the re-application is consistent with that recorded in the system, manual approval is not required.
If the span between the reissue submission time and original issue time is less than three days, domain validation is not required.
If the submitted CSR is different from that of the original certificate, domain validation is required; otherwise, it is not required.
Other brands (OV/EV)
Reissuing OV/EV certificates of other brands
1. On the Certificate re-issuance application page, select a CSR algorithm, confirm other configurations, and click Next.
Using the CSR of the original certificate: Use the CSR of the original certificate.
Generating a CSR online: Generate and manage the CSR by Tencent Cloud SSL Certificate Service.
Using an existing CSR: Paste the content of an existing CSR to the certificate.
Binding the certificate to a domain: Enter a single domain, such as
tencent.com or ssl.tencent.com.Selecting an algorithm: Select the encryption algorithm for the certificate to be reissued.
Key length: Select the key length for the certificate to be reissued.
Private key password: To ensure the security of your private key, password recovery is NOT supported, so keep the password in mind.
Note:
If you need to deploy the SSL certificate to Tencent Cloud services such as CLB and CDN, do not enter the private key password.
Reissue reason: Enter the reissue reason in brief.
2. In the pop-up window, click Confirm.
3. CA will contact you offline for identity verification. Please pay heed to your emails and phone calls.
(DV) Paid
Reissuing paid DV certificates
1. On the Certificate re-issuance application page, select a CSR algorithm, enter and confirm the configurations, and click **Confirm.
Using the CSR of the original certificate: Use the CSR of the original certificate.
Generating a CSR online: Generate and manage the CSR by Tencent Cloud SSL Certificate Service.
Using an existing CSR: Paste the content of an existing CSR to the certificate.
Binding the certificate to a domain: Enter a single domain, such as
tencent.com or ssl.tencent.com.Selecting an algorithm: Select the encryption algorithm for the certificate to be reissued.
Key length: Select the key length for the certificate to be reissued.
Private key password: To ensure the security of your private key, password recovery is NOT supported, so keep the password in mind.
Note:
If you need to deploy the SSL certificate to Tencent Cloud services such as CLB and CDN, do not enter the private key password.
Reissue reason: Enter the reissue reason in brief.
2. In the pop-up window, click Confirm.
3. On the Validate Domain page, verify the domain ownership and click Validate. For more information on how to validate a domain, see Domain Validation Guide.
Note:
If your DV certificate is purchased from TrustAsia (2-year or 3-year wildcard domain) and you have configured automatic DNS or file validation for the domain you are applying for, ownership verification is not required.
4. After the domain is verified, the reissue is completed.
Note:
In the last 13 months, if domain identity verification has been completed for the certificate to be reissued using the same organization name, domain validation will not be performed.
If the span between the reissue submission time and original issue time is less than three days, domain validation is not required.
If the submitted CSR is different from that of the original certificate, domain validation is required; otherwise, it is not required.
(DV) Free
Reissuing free DV certificates
1. On the Certificate re-issuance application page, enter and confirm the configurations, and click Next.
Selecting an algorithm: Select the encryption algorithm for the certificate to be reissued.
Private key password: To ensure the security of your private key, password recovery is NOT supported, so keep the password in mind.
Note:
If you need to deploy the SSL certificate to Tencent Cloud services such as CLB and CDN, do not enter the private key password.
2. In the pop-up window, click Confirm.
3. Go to the Domain ownership validation page. The validation method that is used when you first applied for this certificate will be used. You can perform validation as you did before.
4. After your domain is validated successfully, the certificate will be reissued. For more information on how to validate a domain, see Domain Validation Guide.
Yes
No
Was this page helpful?