cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Go to solution

SSL auto renew

I understand that when a wildcard SSL certificate automatically renews, it still needs to be rekeyed to be usable.  Does that mean I'll have to reinstall the rekeyed certificate on each of my subdomains?  If so, is there any way to automated that process?

1 ACCEPTED SOLUTION

I'm sorry I should have started by saying - if you use one of the control panels that integrate SSL then you can use them to easily manage renewals from their dashboards. There is an overview of the process for the GoDaddy cPanel here: https://www.godaddy.com/garage/how-to-install-an-ssl-certificate-on-cpanel/

 

If you go beyond that you would become responsible for installing new certificates to services not managed by GoDaddy control panel (i.e., cPanel).

 

"Re-keying" - I think this makes the topic unnecessarily complicated. Automatic renewals should do all for you - from generating keys, submitting certificate requests and pulling new certificates.

 

Dan

View solution in original post

3 REPLIES 3
Resolver III

Even without re-keying (i.e., using the same private key) the new certificate will be different (serial number and validity times will be different at the very least).

 

Which means that you always need to install the new certificate on all subdomains. Automating it - it's possible but very likely too complex to implement for just one certificate. The first problem is to find all the places where the old cert is installed (single domain and SNI certificates are much easier - they have a list of domain names).

The second problem - you would need to install some kind of software agents at each of the subdomains and create a mechanism to distributed the new private key and cert to all of those software agents.

 

Dan

 

———

I've worked around (not only) SSL security for over 20 years in enterprises and startups. 

I am now running an HTTPS expiry management service KeyChest.net

GoDaddy's tech support just told me that so long as GoDaddy is issuing my wildcard SSL certificate and hosting the subdomains that are secured by it, those subdomains will all remain secured when my certificate automatically renews.  They say I won't even need to re-key my SSL certificate.  I'm confused.

I'm sorry I should have started by saying - if you use one of the control panels that integrate SSL then you can use them to easily manage renewals from their dashboards. There is an overview of the process for the GoDaddy cPanel here: https://www.godaddy.com/garage/how-to-install-an-ssl-certificate-on-cpanel/

 

If you go beyond that you would become responsible for installing new certificates to services not managed by GoDaddy control panel (i.e., cPanel).

 

"Re-keying" - I think this makes the topic unnecessarily complicated. Automatic renewals should do all for you - from generating keys, submitting certificate requests and pulling new certificates.

 

Dan

View solution in original post