User Guide
Certificate Operations
Renewal Process

Renewal Process

Certificates expire to ensure security rotation. TrustLab simplifies the renewal process so you don't experience downtime.

When to Renew

You will receive an email notification:

  • 30 days before expiration.
  • 7 days before expiration.
  • 1 day before expiration.

How to Renew (Manual Re-issue)

To renew a certificate, you simply generate a fresh one with the same domain name.

  1. Go to Certificates and click "Generate New".
  2. Identity: Enter the same Common Name (CN) as your expiring certificate.
  3. Generate: The system will issue a new certificate with a fresh validity period.
  4. Replace: Download the new .crt (and .key if you didn't reuse the CSI) and replace the files on your server.

[!NOTE] The old certificate will remain valid until it expires naturally. You can safely delete it after verifying the new one works.

What Happens Next?

  • A new certificate is generated with a new validity period.
  • The Private Key remains the same (if "Reuse Key" was selected) OR a new key is generated (recommended).
  • The old certificate remains valid until its original expiration date (unless revoked).

[!IMPORTANT] You must download and install the new certificate on your server. Renewal does not happen automatically on the server side unless you use our ACME integration.

Download & FormatsRevocation