Reissue certificate

Prev Next

Available in Classic and VPC

Advanced certificates can be reissued before expiration. When you lose a private key or need to edit the domain name included in the certificate, you can use the reissuance feature.

Certificates subject to reissuance

Reissuance is available only for Advanced certificates.

Conditions for reissuance

  • The status of the certificate you want to reissue must be normal.
  • The validity period of the certificate you want to reissue must be at least 33 days before expiration.
  • If there are any reissued certificates whose status are "In progress" in the same order, you can't request additional reissuance.
  • The issuance type of the certificate you want to reissue must be original or representative.
    • Original: a certificate issued by Issue certificate. For initial reissuance, select the original certificate and reissue it.
    • Representative: in the order where the certificate whose issuance type is representative exists, select and reissue the representative certificate, not the original. A certificate that is reissued with reissuance and its reissuance type is CASE 2. Add domain name only, CASE 3. Delete domain name only, or CASE 4. Add and delete domain name is considered representative.

Reissuance types

There are 4 types of reissuance. Note that depending on issuance types, all existing certificates may be automatically revoked or additional charges may be incurred after reissuance.

Type Description Existing certificates Charges incurred
CASE 1. Same domain name Reissue a certificate with the same domain name and quantity as the existing certificate. After reissuance, you can continue to use the existing certificate in the order. Valid. None.
CASE 2. Add domain name only Reissue a certificate by adding the domain name in the existing certificate. After reissuance, you can continue to use the existing certificate in the order. Charges are incurred depending on the number of newly added domains. Valid. Charges are incurred based on the number of added domains.
CASE 3. Delete domain name only Reissue a certificate by deleting part of the domain name included in the existing certificate. All existing certificates are revoked in the order 72 hours after reissuance. All existing certificates are revoked after 72 hours. None.
CASE 4. Add and delete domain name Reissue a certificate by deleting part of the domain name included in the existing certificate and adding a new domain name. All existing certificates are revoked in the order 72 hours after reissuance. Charges are incurred depending on the number of newly added domains. All existing certificates are revoked after 72 hours. Charges are incurred based on the number of added domains.
Caution

Note that depending on issuance types, all existing certificates may be automatically revoked or additional charges may be incurred after reissuance. For CASE 4. Add and delete domain name, if there is a domain added during reissuance, charges for the domain are incurred, even if the number of existing certificates is equal to the number of all the domain names.

Reissue

  1. From the NAVER Cloud Platform console, click Services > Security > Certificate Manager > Certificate List in order, then select the Advanced certificate tab.
  2. Select an order and a certificate you want to reissue in the certificate list. The issuance type of the certificate you want to reissue must be original or representative.
    • Original: a certificate issued by Issue certificate. For initial reissuance, select the original certificate and reissue it.
    • Representative: in the order where the certificate whose issuance type is representative exists, select and reissue the representative certificate, not the original. A certificate that is reissued with reissuance and its reissuance type is CASE 2. Add domain name only, CASE 3. Delete domain name only, or CASE 4. Add and delete domain name is considered representative.
  3. After selection, click the Reissue button. When the Reissue screen appears, proceed with the following steps in order:

1. Enter reissuance information

  1. Basic information: enter the certificate name.

  2. Domain name: enter the domain name. At first, it was entered the same as the existing certification. You can keep, delete, or add the domain name.

    • Available domain name types.
      • FQDN (Examples: www.example.com)
      • Apex domain (Examples: example.com)
      • Wild card domain (Examples: *.example.com)

  3. Enter CSR: copy and paste a CSR in PEM format.

    • The CN field must have the same domain name as the information entered into the domain.
    • For OV certificates, organization validation information must be entered correctly in the O, C, ST, and L fields.

  4. Validation method: during reissuance, revalidation is not performed for already validated domains. Domain validation is required only when a newly added domain exists. Select how to validate the ownership of the domain newly added. Once you select a validation method at this stage, you cannot change it later.

    • DNS validation: a method of validation if you have DNS editing permissions. For more information, see DNS validation.
    • Email validation: the validation value sent to the common system management address (reserved email address) should be entered in the Certificate Manager console for validation. For more information, see Email validation.
Note

Since July 17, 2025, the Advanced certificate DNS validation method has changed from registering unique CNAME records to a specific domain to registering unique TXT records per issuance request. All certificates issued before this change will not be affected.

2. Review and request

Review the certificate information you applied for and the validation method.

  • If you selected DNS validation, a validation value is created that you need to enter in the Record Name and Record Value of the DNS TXT after the application is complete. You can view the created validation value and validation status in the certificate details in the Certificate List.
  • If you selected email validation, a validation request email will be sent to the common system management address of the applied domain name after the application is completed. You can view the email address to which the validation request was sent and the validation status in the certificate details in the Certificate List.

3. Application completion

After the application is complete, the certificate status appears as In progress in the Certificate List.

Conditions for certificate reissuance

When you view the certificate details, the status of the domain identical to the existing certificate is Succeeded. If validation for all domains succeeds, the certificate is reissued within minutes. If issued successfully, the certificate status appears as Normal, and information such as issuance date, authentication start date, and authentication end date in the certificate details is updated.

Note

Validation status types include In progress, Succeeded, Timeout, and Failed.

Validation status

Validation status can be viewed in Certificate List > Certificate Details.

Validation status Description
In progress The validation value has been created using the domain ownership validation method selected during the certificate issuance request, and it is currently waiting for the validation results.
Succeeded The domain ownership validation in progress has succeeded.
Timeout The validation has exceeded 72 hours in the In Progress status. The domain ownership validation can no longer proceed after the timeout. A new certificate issuance request is required.
Failed The validation value creation failed using the domain ownership validation method selected during the certificate issuance request. The status may be Failed if email validation fails to send email or DNS validation fails to create a normal validation.

Validation methods

  • If the validation method is DNS validation, 1 DNS validation value is created for each domain.
  • If the validation method is email validation, the validation for the domain succeeds if a validation request is complete for at least 1 email address for each domain.
  • After the certificate application is complete, Certificate Manager checks for successful validation repeatedly for 72 hours. If the validation for all domains you applied for succeeds, the validation status appears as Succeeded and the certificate is issued within minutes.
  • If the validation does not succeed within 72 hours, the certificate status appears as Timeout and the certificate can no longer be issued. If the validation status is Timeout, apply for a new certificate.