Renew a certificate
Written by
Updated at October 31, 2024
Certificate Manager initiates the certificate renewal procedure 30 days before it expires. The certificate status will change to Renewing
.
Note
In some cases, certificates can be renewed without any user action. For more information, see Checking rights automatically.
To update a Let's Encrypt certificate:
Management console
API
- In the management console
, select the folder the certificate was added to. - In the list of services, select Certificate Manager.
- In the list, select the certificate with the
Renewing
status to be updated. - In the window that opens, you can find the details you need to pass the domain rights check under Check rights for domains. For more information, see Checking rights for a domain.
- When the domain rights check is passed, the domain check status under Check rights for domains will change to
Valid
. - After the rights check status for all your domains changes to
Valid
, the certificate is issued and its status becomesIssued
.
To renew a certificate, use the update REST API method for the Certificate resource or the CertificateService/Update gRPC API call.
Note
For a successful DNS domain rights check based on a CNAME
record, make sure the _acme-challenge
subdomain of the domain name you are checking has no resource records created, except CNAME
. For example, for the _acme-challenge.example.com.
domain name there should only be a CNAME record and no TXT record.