Available in Classic and VPC
Advanced certificates can be renewed before expiration.
- Certificates can be renewed within the subscription period of the order. The validity period is extended to the maximum allowable duration within the subscription period.
- You can use this feature when you lose a private key or need to edit the domain name included in the certificate.
The maximum validity period of certificates issued by Public SSL/TLS CA, including those issued through Certificate Manager, must comply with CA/B Forum policies.
When extending the certificate usage period, a new certificate can be issued through the renewal function, and the maximum available period follows the subscription period of the order.
Renewal target
Reissuance is available only for Advanced certificates.
Renewal conditions
- The status of the certificate you want to renew must be normal.
- The certificate you want to renew must have at least 1 day remaining before expiration.
- If there are any certificates whose status is "In progress" in the same order, you can't request additional renewal.
- The issuance type of the certificate you want to renew must be original or representative.
  - Original: A certificate issued by Issue certificate. For initial renewal, select the original certificate and issue it.
  - Representative: The most recently issued certificate through renewal becomes the representative certificate. In the order where the certificate whose issuance type is representative exists, select and renew the representative certificate, not the original.
Renewal type
There are 4 types of renewal. Note that depending on renewal types, all existing certificates may be automatically revoked or additional charges may be incurred after renewal.
| Type | Description | Existing certificate | Charges |
|---|---|---|---|
| CASE 1. Same domain name | Renewal is performed with the same domain name and quantity as the existing certificate. After renewal, you can continue to use the existing certificate in the order. | Valid | None |
| CASE 2. Add domain names only | Renewal is performed by adding domain names to the existing certificate. After renewal, you can continue to use the existing certificate in the order. Charges are applied proportionally based on the number of newly added domains and the remaining subscription period (years). | Valid | Charges are applied proportionally to added domains and the remaining subscription period (years). |
| CASE 3. Remove domain names only | Renewal is performed by removing some domain names included in the existing certificate. All existing certificates within the order are revoked 72 hours after renewal. | All existing certificates are revoked after 72 hours. | None |
| CASE 4. Add and delete domain name | Renew a certificate by deleting part of the domain name included in the existing certificate and adding a new domain name. All existing certificates within the order are revoked 72 hours after renewal. Charges are incurred depending on the number of newly added domains. | All existing certificates are revoked after 72 hours. | Charges are applied proportionally to added domains and remaining subscription period. |
Note that depending on renewal types, all existing certificates may be automatically revoked after 72 hours or additional charges may be incurred after renewal. For CASE 4 (Add and delete domain name), if a domain is added during renewal, charges for that domain are incurred, even if the number of existing certificates is equal to the number of all the domain names.
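A pre-flight check for the renewal conditions and renewal types above, as an added example that is not NAVER Cloud Platform code and does not call any Certificate Manager API. The `Cert` record, its field names, and the sample data are assumptions made for illustration; `renewed_at` stands in for the time the renewal completes.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

@dataclass
class Cert:                      # hypothetical record, not a Certificate Manager API object
    status: str                  # e.g. "Normal", "In progress"
    issuance_type: str           # "original", "representative", or anything else
    not_after: datetime
    domains: tuple = ()

def norm(domains):
    # DNS names are case-insensitive; "*.example.com" stays distinct from "example.com".
    return {d.strip().lower().rstrip(".") for d in domains}

def renewal_blockers(cert, order, now):
    """List the renewal conditions from this page that `cert` does not meet."""
    out = []
    if cert.status != "Normal":
        out.append("status is not Normal")
    if cert.not_after - now < timedelta(days=1):
        out.append("less than 1 day left before expiration")
    if any(c.status == "In progress" for c in order):
        out.append("a certificate in the same order is In progress")
    if cert.issuance_type not in ("original", "representative"):
        out.append("issuance type is neither original nor representative")
    elif cert.issuance_type == "original" and any(
            c.issuance_type == "representative" for c in order):
        out.append("order has a representative certificate; renew that one")
    return out

def renewal_plan(cert, requested, renewed_at):
    """Map a requested domain list to CASE 1-4 and its side effects."""
    old, new = norm(cert.domains), norm(requested)
    added, removed = new - old, old - new
    case = 1 + (1 if added else 0) + (2 if removed else 0)  # 1, 2, 3, 4 as in the table
    return {
        "case": case,
        "added": sorted(added),
        "removed": sorted(removed),
        "charged": bool(added),
        # CASE 3 and 4: every existing certificate in the order is revoked after 72 hours.
        "existing_revoked_at": renewed_at + timedelta(hours=72) if removed else None,
    }

# Constructed sample data.
NOW = datetime(2025, 1, 10, tzinfo=timezone.utc)
ORIGINAL = Cert("Normal", "original", NOW + timedelta(days=200),
                ("www.example.com", "example.com"))
PLAN = renewal_plan(ORIGINAL, ["WWW.example.com", "api.example.com"], NOW)
```

A non-empty `existing_revoked_at` is the deadline by which every endpoint still serving a certificate from the order must be switched to the renewed certificate.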
Renewal
- From the NAVER Cloud Platform console, navigate to Menu > Services > Security > Certificate Manager > Certificate List, then click the Advanced certificate tab.
- Select an order and a certificate you want to renew in the certificate list. The issuance type of the certificate you want to renew must be original or representative.
  - Original: A certificate issued by Issue certificate. For initial renewal, select the original certificate and renew it.
  - Representative: The most recently issued certificate through renewal becomes the representative certificate. In the order where the certificate whose issuance type is representative exists, select and renew the representative certificate, not the original.
- After selection, click Certificate Management > Renewal. When the Renew certificate interface appears, proceed with the following steps in order:
1. Enter renewal information
- Basic information: Enter the certificate name.
- Domain name: Enter the domain name. The field is initially filled in with the same domain names as the existing certificate. You can keep, delete, or add domain names.
  - Available domain name types:
    - FQDN (Example: www.example.com)
    - Apex domain (Example: example.com)
    - Wildcard domain (Example: *.example.com)
2. Enter CSR
- Copy and paste a CSR in PEM format.
- The CN field must have the same domain name as the domain entered.
- For OV certificates, organization validation information must be entered correctly in the O, C, ST, and L fields.
- Click [Validate CSR] to run validation. Validation must succeed to proceed to the next step.
3. Domain control validation (DCV)
Select how to validate the ownership of the domain you've applied for. Once you select a validation method at this stage, you cannot change it later.
- DNS validation: A validation method you can use if you have DNS editing permissions. For details, see DNS validation.
4. Review and request
Review the certificate information you requested and the validation method.
- After the request is completed, validation values for DNS Record Type, Record Name, and Record Value are generated based on the selected DNS validation method. You can view the created validation value and validation status in the certificate details in the Certificate List.
5. Subscription completed
After the application is complete, the certificate status appears as In progress in the Certificate List.
Certificate renewal conditions
When you view the certificate details, domains that are identical to those in the existing certificate show the status Succeeded. If validation for all domains succeeds, the certificate is renewed within minutes. If issued successfully, the certificate status appears as Normal, and information such as issuance date, authentication start date, and authentication end date in the certificate details is updated.
Validation status types include In progress, Succeeded, Timeout, and Failed.
Validation status
Validation status can be viewed in Certificate list > Certificate details.
| Validation status | Description |
|---|---|
| In progress | The validation value has been created using the domain ownership validation method selected during the certificate issuance request, and it is currently waiting for the validation results. |
| Succeeded | The domain ownership validation in progress has succeeded. |
| Timeout | 72 hours have passed while in the In Progress status. The domain ownership validation can no longer proceed after timeout. A new certificate issuance request is required. |
| Failed | Creating the validation value failed for the domain ownership validation method selected during the certificate issuance request. Validation may fail if email validation cannot send the email or DNS validation cannot generate a valid validation value. |
Validation method
- For validation methods, see DNS validation.
- After the certificate application is complete, Certificate Manager repeatedly checks for successful validation for 72 hours. If the validation for all domains you applied for succeeds, the validation status appears as Succeeded and the certificate is issued within minutes.
- If the validation does not succeed within 72 hours, the certificate status appears as Timeout and the certificate can no longer be issued. If the validation status is "Timeout," apply for a new certificate.