How do I renew my website's SSL certificate?
If your website is unexpectedly showing an error message saying the "certificate is not valid" or that the "connection is not private" or similar, then your website's SSL certificate has expired.
An SSL certificate is used to make your website more secure - without it, browsers may indicate it is "not secure".
SSL certificates periodically require renewal - if left to expire, a website using that certificate will become inaccessible.
Through Aiir, you can set up SSL for your website in one of two ways, and this has implications on how renewal works.
- You validated your domain name using email.
If you chose this method when setting up SSL, then you will need to renew the certificate annually. In the weeks leading up to the renewal date, you will receive alerts via email to the same addresses which were used when you initially validated your domain name. They are firstname.lastname@example.org, hostmaster@, postmaster@, webmaster@ and admin@. The emails explain how to renew your certificate and have subject lines containing "Your certificate renewal" with increasing urgency. If you don't act on these emails then your certificate will expire at the end of the period, and your website will become unavailable until you take action (see below).
- You validated your domain name using DNS.
If you chose this method when setting up SSL and leave the provided DNS records in place, renewal will be taken care of automatically. You will only be contacted if the DNS records are removed or are in some other way unavailable. It is strongly recommended to leave the DNS records in place so there is no further admin or concern in future. DNS validation was not initially an option when we introduced SSL/HTTPS on Aiir.
If your website's SSL certificate has expired then it is not possible to renew it - instead you must replace it.
To do this:
- Go to the Site Settings section of Aiir and select the HTTPS section.
- Follow the instructions for disabling HTTPS.
- If you're concerned about disabling HTTPS at this point, don't be - your website is already unavailable anyway and will continue to be until this is resolved.
- If you have multiple websites using the same expired SSL certificate, disable HTTPS for each of them before continuing. Click Site Settings at the top to change site.
- Once HTTPS has been disabled, the HTTPS page will guide you through setting up again.
- You will have to validate using DNS, email validation is no longer available. So long as the DNS record(s) are left in place, you won't need to repeat this process again in future.
- If you're setting up HTTPS for multiple domains, you will need to validate all of the domains before HTTPS can be re-enabled on all of the websites.