If your SSL certificate expires, then users will see a warning message in their browsers telling them that your site may be unsafe. This is bad for your site’s user experience and search engine rankings.
That’s why we recommend always having an up-to-date SSL certificate on your website.
And luckily, renewing an SSL certificate is easier than you might think. We’ve guided a lot of WordPress users through the SSL renewal process, and we are here to share our expert advice.
In this article, we will provide step-by-step instructions on how to renew an SSL certificate.
What Is an SSL Certificate, and Why Should You Renew It?
An SSL certificate acts like a digital passport for your website. It verifies the identity of your website and creates a secure connection between your web server and a user’s browser.
This encrypted connection makes sure that any data exchanged between the website and the user, such as login credentials or credit card information, stays confidential and secure.
Most SSL certificates expire after 1 or 2 years, depending on the type of certificate you are using and your certificate authority (CA). Some certificates lapse before that, like Let’s Encrypt, which expires after 90 days.
If you don’t renew your certificates, then users will see a security warning on their web browsers when they visit your site.
This could scare users away from your website, showing that it might not be safe to visit. As a result, your website traffic will decrease.
It will also negatively impact your WordPress SEO, as sites that have HTTPS have an advantage in search engine rankings over HTTP sites.
That’s why it’s best to renew your SSL certificate to keep your site secure and your visitors happy.
That said, let’s look at how you can renew a certificate for your WordPress site. We will show you 2 methods, and you can use the links below to jump to the method you want to use:
Expert Tip: Are you tired of constant WordPress maintenance tasks like renewing your SSL certificate, updating WordPress core, and making backups? Our WPBeginner Maintenance and Support Services are here to help!
Our expert team can constantly monitor your website and make sure that it’s up-to-date, working well, and secure. We also offer on-demand WordPress support for one-time issues on your website.
Method 1: Automatically Renew SSL Certificate From Hosting Provider
Most WordPress hosting providers offer a free SSL certificate when you purchase domain hosting. They’re usually automatically renewed when the time comes, and you’re also notified via email.
However, you can also manually renew them from your hosting service’s control panel.
For instance, in Bluehost, you can head to the ‘Renewal Center’ from the menu on the left.
After that, you can select the SSL certificate for your website.
Then, simply click the ‘Renew Now’ button to continue.
Next, complete the checkout process and renew your SSL certificate. You can also choose to renew it for more than one year.
Depending on your hosting provider, you can also renew SSL for your domain or set up auto-renewal.
Method 2: Manually Renew SSL Certificate for Your WordPress Site
You can also manually renew your SSL certificates and replace them when they expire.
The exact steps will vary depending on your SSL certificate provider, so it’s a good idea to check your provider’s documentation or contact support if needed.
We will go over the steps to renew your SSL certificate with Bluehost, but the general process should be the same regardless of which web hosting company you currently use.
Step 1: Generating a New Certificate Signing Request (CSR)
To get started, log in to your hosting provider.
From here, you can click on the ‘Settings’ option beneath your website.
After that, you can switch to the ‘Advanced’ tab and scroll down to the ‘cPanel’ section.
The cPanel is a place where you can manage your website and server settings, such as managing domain names, creating email accounts, and even manually renewing your SSL certificate.
Go ahead and click the ‘Manage’ button in the cPanel section.
Once you land in cPanel, you can head over to the Security section.
From here, look for the ‘SSL/TLS’ option and click on it.
On the next screen, you’ll need to click the link under ‘Certificate Signing Requests (CSR).’
A Certificate Signing Request (CSR) is a cryptographic file generated by a server or device that is used to apply for an SSL/TLS certificate.
When applying for an SSL/TLS certificate, the CSR is submitted to a Certificate Authority (CA), which verifies the information provided and issues the SSL certificate if the request is approved.
Here, you’ll be asked to enter the following information:
- Domain(s)
- City
- State
- Country
- Company
It’s also helpful to provide the email where you can be contacted for verification of domain ownership. You can even provide a passphrase, which is used to confirm the identity of the website owner.
Once the required fields are completed, click ‘Generate.’
You should see a success message that says that you’ve generated the Certificate Signing Request.
Below that, you should see a CSR, which is an encrypted block of text that includes information about your site that the CA needs to issue your new SSL certificate.
Make sure to copy this code and keep it handy because you’ll need it to renew your certificate.
Below that, you’ll also see a decoded version of the CSR that details information such as your domain name, organization name, and geographic location.
Step 2: Send Certificate Signing Request to Certificate Authority
Now that you’ve generated a Certificate Signing Request (CSR), the next step is to send it to your Certificate Authority (CA) to purchase the certificate.
Ensure that you send the ‘Encoded Certificate Signing Request’ to the authority of your choice.
There are many popular SSL certification authorities. Some of these include Let’s Encrypt, Google Trust Services, Sectigo, GeoTrust, DigiCert, and more.
You can now follow the steps and provide all the information requested by the CA to renew your SSL certificate.
Step 3: Complete SSL Certificate Validation
For your SSL certificate to be renewed and valid again, the CA will ask to confirm ownership of your domain.
The certificate authority can confirm your domain identity in multiple ways. The most common way is through email, where you can enter the email address associated with your domain.
Other ways might include DNS validation, which requires CNAME records. Or HTTP validation, where you’ll need to upload a file to the server you want to install SSL on.
Once the validation process is finalized and the certificate is renewed, you’ll get a file that will have a .crt
extension (also called CRT file).
Step 4: Upload and Install New SSL Certificate
Next, you can upload and install the new SSL certificate on your website using cPanel.
For instance, in Bluehost, you’ll need to head to cPanel and go to the ‘SSL/TLS’ section.
From the panel on the right, navigate to the Certificates (CRT) section.
Now, click the ‘Generate, view, upload, or delete SSL certificates’ option.
Next, you can paste the certificate code in the text box or upload the CRT file that you received from the certificate authority.
There is also an option to add a description for your SSL certificate. Once that’s done, simply click the ‘Upload Certificate’ button.
Once it’s uploaded, you should see it under the Certificates in the Server section.
From here, simply click the ‘Install’ link for the SSL certificate you just uploaded.
Your new SSL certificate should now be active on your site after the installation process.
To check if it is working properly, you can visit multiple pages on your site and see if they have HTTPS in the URL.
We hope this article helped you learn how to renew an SSL certificate for your WordPress site. You may also want to see our ultimate WordPress security guide and our showcase of the best WordPress security plugins to protect your site.
If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.