Renewing SSL Certificates With Namecheap: Difference between revisions

Verifying the certificate

• Log in at namecheap.com
• top menu > Hi {username} > Manage SSL Certificates
• Active and expired SSL certificates are listed under Your SSL Certificates

Renewing SSL with Namecheap cPanel

• Log in to cPanel for the site.
• Exclusive for Namecheap customers > Namecheap SSL
• All existing certificates will be listed.
• Click the Install button for the new certificate.

Generating a Certificate Signing Request (CSR)

Creating a new Certificate Signing Request (CSR)

It is not strictly necessary to generate a new CSR if one already exists for a given domain on the server. However, the recommendation is to generate a new CSR each time a certificate is renewed. If one already exists for a domain with a certificate being renewed, it's ok to use the existing CSR.

• Log in to cPanel account
• Security > SSL/TLS Manager
• Private Keys (KEY) > Generate, view, upload, or delete your private keys
• Generate a New Private Key
  • Key Size: (At least 2048 bits)
  • Description: Something that will identify which certificate is using the key, e.g. [DOMAIN_NAME] ([MM/YYYY])
  • Click Generate
• The next page displays the newly generated private key.
  • Click Return to SSL Manager
• Certificate Signing Requests (CSR) > Generate, view, or delete SSL certificate signing requests
• Generate a New Certificate Signing Request (CSR)
  • Key Select the private key that was generated earlier from the dropdown list.
  • Domains Enter the subdomain that will be using the SSL certificate
  • City
  • State
  • Country
  • Company
  • Company Division not required
  • Email
  • Passphrase not required
  • Description not required
  • Click the Generate button
• On the following page copy the text following Encoded Certificate Signing Request: This text is what is needed to enter as the CSR for the SSL certificate.
• A certificate will be issued, after which it needs to be installed for the site.^[1]

Getting the CSR using an existing key

• Log in to cPanel.
• Security > SSL/TLS Manager
• Select the relevant domain from the Keys on Server table > Edit link
• Copy the text following Encoded Private Key:
• Click on the CSR: [domain_name] link at the bottom of the page (right above the "Delete Key" button).
• Copy the text following Encoded CSR:
• This code can be used as the CSR to renew the SSL certificate. ^[2]

Activating and renewing the certificate

Activating the new certificate

• Log in at namecheap.com
• Account > Dashboard > DOMAIN_NAME (will have SSL listed in the "Expiration" column) > Manage button
• Products tab > positivessl table item listed as "NEWRENEWAL" for the domain/subdomain in question > Activate button
• PositiveSSL Certificate
  • (1) CSR
    • Enter CSR: Paste the CSR generated in cPanel.
    • Primary Domain: Will be prefilled after a valid CSR is entered in the CSR field and focus leaves that field.
    • Server Type: Apache, Nginx, cPanel or other
    • Hashing Algorithm: SHA-2
    • Submit button
  • The following page displays the information that was read from the CSR. Confirm by clicking the Next button.
  • (2) Validation
    • DCV Method: Email
    • Approver Email Select an email address associated with the certificate that can be used to complete the validation.
    • Click Next button.
  • (3) Contacts
    • Company Contacts
      • Company Name
      • Address
      • City
      • State
      • Zip/Postal Code
      • Country
      • Other fields are optional.
    • Administrative Contacts
      • Email Address
    • Click Next button
  • (4) Confirm
    • Review the displayed domain and email address and click the Confirm button.
• An email is sent to the chosen email. A link is provided in the email to complete the process.
• Open the email, copy the provided code, and click on the link provided in the email.
• SSL Certificate Validation
  • Paste the validation code in the form field.
  • Click Next button.
• The certificate is then emailed to the chosen email address. At this point the new certificate is activated, but is not yet installed on the server.

Installing a newly activated SSL certificate

• Log in to the website's cPanel dashboard.
• Security > SSL/TLS
• Install and Manage SSL for your site (HTTPS) > Manage SSL sites
• Under Manage Installed SSL Websites > [ssl_domain] > Actions > Update Certificate
• Install an SSL Website
  • Domain [ssl_domain]
  • IP Address Confirm IP address
  • Certificate: (CRT) Paste the CRT attached to the last email sent in the activation process
  • Private Key (KEY) Paste the key associated with the CRT created through cPanel for this certificate
  • Certificate Authority Bundle: (CABUNDLE) leave blank

Confirming a new/renewed certificate

Note that if the old cert has not yet expired, and is still installed on the server, testing the URL using https in a browser will not be a reliable indicator that the certificate is installed and active.

• Return to Namecheap Dashboard > Domain List > certificate domain
• The new certificate should be listed with an expiration date and a Manage button.
• Load the domain in question in a browser using https protocol.

Legacy instructions

These instructions were created prior to a Namecheap website redesign. They are saved here for legacy purposes only.

• Log in at namecheap.com
• top menu > Hi {username} > Manage SSL Certificates
• Click activate or reissue for the targeted certificate.
• Next page ("SSL Certificate - CSR"): Digital Certificate Order Form
  • Select Web Server: Apache + OpenSSL
  • Copy the CSR string from the CSR stored in the site cPanel.
• Next page: Digital Certificate Order Form
  • Approver Email: Select one, e.g. Whois Record Type, if it's a valid email
• Next page: Enter Contact Information for Your SSL Certificate
  • This will be prefilled with either previous settings, or whois contact information. Make any necessary edits.
  • Click the Submit Order button.
• A SSL Certificate Validation email will be sent to the contact email address.
  • Click the validation link in the email.
  • Submit the validation code from the email.
• Another email containing the SSL Certificate will be sent.

Installing the SSL certificate

This information may be deprecated. Try the other methods documented in the article first.

• Log in to cPanel.
• Security > SSL/TLS Manager
• Install and Manage SSL for your site (HTTPS) > Manage SSL Sites
  • Copy the certificate code sent from the certificate authority into the Certificate (CRT) field.
    • The code is sent via email from the certificate authority.
    • At the last renewal, the entity sending the code was "Comodo Security Services".
  • Click the Autofill by Certificate button above the CRT field.
    • The Domain and Private Key field values will be filled in.
    • If everything is ok, green checkmarks will be displayed next to all the fields.
    • Click Install Certificate
  • If all goes well, a SSL Certificate Successfully Updated modal dialog is displayed.
    • Click the OK button.
    • The page is refreshed.
    • The domain should be listed under Manage Installed SSL Websites without any errors or warnings.^[3]
• Immediately after submitting the certificate, navigating to the secure URL in a browser should not generate any errors.

Notes