tencent cloud


Reissuing an SSL Certificate

Last updated: 2022-09-14 17:31:16


    This document describes how to reissue an SSL certificate, in case your certificate key has been compromised, or you need to generate a new certificate due to other reasons.


    • Certificate reissue is only available if your certificate has been issued and its remaining effective time is longer than 30 days.
    • Each free DV certificate can only be reissued once.
    • If the certificate of a sub-domain under a primary domain is being reissued, certificates of other sub-domains under this primary domain cannot be reissued at the same time.
    • During the reissue process, the reissue feature of this certificate is disabled, and you cannot apply for a reissue for this certificate again.
    • Certificate reissue will not renew the certificate. In other words, the validity period will be the same as the original one,


    Log in to the SSL Certificate Service console and successfully applied for an SSL certificate.


    Selecting certificate reissue

    1. Go to the My Certificates page and select the certificate to reissue. Then, click More > Reissue.
    2. Go to the Certificate re-issuance application page and verify your certificate or submit the required materials based on your certificate type. For more information, see Reissuing different types of certificates.

    Reissuing different types of certificates

    Reissuing Wotrus international standard certificates and DNSPod SM (SM2) OV/EV certificates

    1. On the Certificate re-issuance application page, select a CSR algorithm, enter and confirm the configurations, and click Next.
    • Using the CSR of the original certificate: Use the CSR of the original certificate.

    • Generating a CSR online: Generate and manage the CSR by Tencent Cloud SSL Certificate Service.

    • Using an existing CSR: Paste the content of an existing CSR to the certificate.

    • Binding the certificate to a domain: Enter a single domain, such as tencent.com or ssl.tencent.com.

    • Selecting an algorithm: Select the encryption algorithm for the certificate to be reissued.

    • Key length: Select the key length for the certificate to be reissued.

    • Private key password: To ensure the security of your private key, password recovery is NOT supported, so keep the password in mind.
      If you need to deploy Tencent Cloud services such as CLB and CDN, don′t enter the private key password.

    • Reissue reason: Enter the reissue reason in brief.

    1. In the pop-up window, click Confirm.
    2. Validate the domain ownership on the “Domain Ownership Validation” page, and click Validate Now after operations are completed.
    3. Manual approval is required upon domain ownership validation, and then the certificate will be reissued. For validation instructions, see Domain Ownership Validation.


    • If you have successfully applied for this certificate, manual approval is omitted when the enterprise info submitted in re-application is consistent with that recorded in the system.
    • If the span between the reissue submission time and original issue time is less than 3 days, domain ownership validation is not required.
    • If the submitted CSR is different from that of the original certificate, domain ownership needs to be validated. If they are the same, validation is not needed.
    Contact Us

    Contact our sales team or business advisors to help your business.

    Technical Support

    Open a ticket if you're looking for further assistance. Our Ticket is 7x24 avaliable.

    7x24 Phone Support