Renewing SSL Certificates With Namecheap

Verifying the certificate

• Log in at namecheap.com
• top menu > Hi {username} > Manage SSL Certificates
• Active and expired SSL certificates are listed under Your SSL Certificates

Renewing SSL with Namecheap cPanel

• Log in to cPanel for the site.
• Exclusive for Namecheap customers > Namecheap SSL
• All existing certificates will be listed.
• Click the Install button for the new certificate.

Generating a Certificate Signing Request (CSR)

Creating a new Certificate Signing Request (CSR)

It is not strictly necessary to generate a new CSR if one already exists for a given domain on the server. However, the recommendation is to generate a new CSR each time a certificate is renewed. If one already exists for a domain with a certificate being renewed, it's ok to use the existing CSR.

• Log in to cPanel account
• Security > SSL/TLS Manager
• Private Keys (KEY) > Generate, view, upload, or delete your private keys
• Generate a New Private Key
  • Key Size: (At least 2048 bits)
  • Description: Something that will identify which certificate is using the key, e.g. [DOMAIN_NAME] ([MM/YYYY])
  • Click Generate
• The next page displays the newly generated private key.
  • Click Return to SSL Manager
• Certificate Signing Requests (CSR) > Generate, view, or delete SSL certificate signing requests
• Generate a New Certificate Signing Request (CSR)
  • Key Select the private key that was generated earlier from the dropdown list.
  • Domains Enter the subdomain that will be using the SSL certificate
  • City
  • State
  • Country
  • Company
  • Company Division not required
  • Email
  • Passphrase not required
  • Description not required
  • Click the Generate button
• On the following page copy the text following Encoded Certificate Signing Request: This text is what is needed to enter as the CSR for the SSL certificate.
• A certificate will be issued, after which it needs to be installed for the site.^[1]

Getting the CSR using an existing key

• Log in to cPanel.
• Security > SSL/TLS Manager
• Select the relevant domain from the Keys on Server table > Edit link
• Copy the text following Encoded Private Key:
• Click on the CSR: [domain_name] link at the bottom of the page (right above the "Delete Key" button).
• Copy the text following Encoded CSR:
• This code can be used as the CSR to renew the SSL certificate. ^[2]

Activating and renewing the certificate

• Log in at namecheap.com
• Account > Dashboard > DOMAIN_NAME (will have SSL listed in the "Expiration" column) > Manage button
• Products tab > positivessl table item listed as "NEWRENEWAL" for the domain/subdomain in question > Activate button
• PositiveSSL Certificate
  • (1) CSR
    • Enter CSR: Paste the CSR generated in cPanel.
    • Primary Domain: Will be prefilled after a valid CSR is entered in the CSR field and focus leaves that field.
    • Server Type: Apache, Nginx, cPanel or other
    • Hashing Algorithm: SHA-2
    • Submit button
  • The following page displays the information that was read from the CSR. Confirm by clicking the Next button.
  • (2) Validation
    • DCV Method: Email
    • Approver Email Select an email address associated with the certificate that can be used to complete the validation.
    • Click Next button.
  • (3) Contacts
    • Company Contacts
      • Company Name
      • Address
      • City
      • State
      • Zip/Postal Code
      • Country
      • Other fields are optional.
    • Administrative Contacts
      • Email Address
    • Click Next button
  • (4) Confirm
    • Review the displayed domain and email address and click the Confirm button.
• An email is sent to the chosen email. A link is provided in the email to complete the process.
• Open the email, copy the provided code, and click on the link provided in the email.
• SSL Certificate Validation
  • Paste the validation code in the form field.
  • Click Next button.
• The certificate is then emailed to the chosen email address. At this point the new certificate is activated, but is not yet installed on the server.

Installing the SSL certificate

This information may be deprecated. Try the other methods documented in the article first.

• Log in to cPanel.
• Security > SSL/TLS
• Install and Manage SSL for your site (HTTPS) > Manage SSL Sites
• Under Manage Installed SSL Websites > [ssl_domain] > Actions > Update Certificate
• Install an SSL Website
  • Copy the certificate code sent from the certificate authority into the Certificate (CRT) field.
    • The code is sent via email from the certificate authority. This is the last email sent in the SSL certificate activation process.
    • At the last renewal, the entity sending the code was "Comodo Security Services".
  • Click the Autofill by Certificate button above the CRT field.
    • The Domain and Private Key field values will be filled in.
    • If everything is ok, green checkmarks will be displayed next to all the fields.
    • Click Install Certificate
  • If all goes well, a SSL Certificate Successfully Updated modal dialog is displayed.
    • Click the OK button.
    • The page is refreshed.
    • The domain should be listed under Manage Installed SSL Websites without any errors or warnings.^[3]
• Immediately after submitting the certificate, navigating to the secure URL in a browser should not generate any errors.

Confirming a new/renewed certificate

Note that if the old cert has not yet expired, and is still installed on the server, testing the URL using https in a browser will not be a reliable indicator that the certificate is installed and active.

• Return to Namecheap Dashboard > Domain List > certificate domain
• The new certificate should be listed with an expiration date and a Manage button.
• Load the domain in question in a browser using https protocol.

Notes