If your SSL Certificate has expired, your license has lapsed, or you are unsure what action you need to take next, this page explains your obligations as an SSL Certificate holder. It covers the difference between your SSL Certificate license and your SSL Certificate, why reissue is required during your license period, what happens when either expires, and where the responsibility for managing your SSL Certificate sits.
Important : Your SSL Certificate license and your SSL Certificate are two separate things with different validity periods. Understanding this distinction is essential for keeping your website protected.
SSL Certificate Management as a Business Responsibility
Operating an online store or website comes with obligations. Ensuring the electricity is connected and the bill is paid keeps the lights on. Ensuring your domain registration is current keeps your website reachable. Ensuring your SSL Certificate is valid keeps your website secure and trusted by visitors, browsers, and search engines.
If the electricity bill is not paid, the lights go off. If the SSL Certificate expires, browsers display security warnings and visitors leave. Both are the responsibility of the business owner.
Trustico® provides the SSL Certificate products, the tools, and the tracking system that customers and partners need to keep their websites protected. The product and the tooling are there. Using them, monitoring validity dates, and taking action when required is the responsibility of the website owner or their server administrator.
Certificate as a Service (CaaS) exists specifically to remove this ongoing management burden. With Certificate as a Service (CaaS), the SSL Certificate is reissued automatically before it expires, and no manual action is required. For customers who prefer to manage their SSL Certificates manually, the tracking system, calendar files, and reissue tools are all available. Explore Certificate as a Service (CaaS) Automation 🔗
SSL Certificate License vs SSL Certificate
When you purchase an SSL Certificate from Trustico® you are purchasing an SSL Certificate license for a specific period - typically one, two, or three years. This license grants you the right to have a valid SSL Certificate issued and active for the domain names covered by your purchase for the duration of that license period.
However, the SSL Certificate itself has a shorter maximum validity than your license period. The Certification Authority/Browser (CA/B) Forum, which governs SSL Certificate issuance standards, sets the maximum validity period for SSL Certificates.
As of March 2026, the maximum validity is 200 days. This will continue decreasing to 100 days in March 2027 and eventually just 47 days by March 2029. Prior to March 2026, the maximum was 398 days (approximately 13 months). Explore SSL Certificate Validity Periods and Multi-Year Purchasing 🔗
This means that even if you purchase a two-year or three-year SSL Certificate license, the SSL Certificate installed on your server cannot be valid for the full license period. It must be reissued multiple times during any multi-year license, and at least once during a one-year license now that validity periods are shorter than 12 months.
Simple Analogy
Think of your SSL Certificate license like a gym membership. You pay for a 12-month membership, but your access card expires every 90 days and needs to be refreshed at the front desk. The membership (license) covers the full year, but the access card (SSL Certificate) must be refreshed periodically.
If you do not refresh your access card, you cannot enter the gym - even though your membership is still active. The same applies to your SSL Certificate and your license.
Understanding Reissue Requirements
SSL Certificate reissue is the process of obtaining a new SSL Certificate from the Certificate Authority (CA) to replace one that is approaching or has reached its expiry date. This is not a renewal of your license - your license remains active throughout its purchased period. Reissue simply generates a fresh SSL Certificate with a new validity period under your existing license.
Reissue is required because the Certification Authority/Browser (CA/B) Forum mandates maximum SSL Certificate validity periods that are shorter than multi-year license periods. Shorter validity periods improve security by ensuring that encryption keys are rotated regularly and that domain ownership is reverified periodically. Web browsers enforce these validity limits and will display security warnings if an SSL Certificate exceeds the allowed maximum validity.
If you do not reissue your SSL Certificate before it expires, your website will begin showing browser security warnings to visitors even though your license is still active. The license gives you the right to reissue - but the reissue itself must be performed.
Reissuing Your SSL Certificate
The reissue process depends on how your SSL Certificate was originally installed.
Certificate as a Service (CaaS) Customers
If your SSL Certificate was installed using the Trustico® Certificate as a Service (CaaS) plugin, reissue is handled automatically. The plugin configures an automated reissue schedule when your SSL Certificate is first installed. A daily task monitors your SSL Certificate and reissues it before expiry without any action on your part.
You do not need to request a reissue, enter credentials again, or take any manual steps. The plugin manages the entire process. This is one of the primary advantages of Certificate as a Service (CaaS). Learn About Certificate as a Service (CaaS) 🔗
Traditional SSL Certificate Customers
If your SSL Certificate was installed manually (not through the Certificate as a Service (CaaS) plugin), you will need to reissue it yourself before it expires. You can do this through your Trustico® tracking system by logging in and selecting the reissue option for your SSL Certificate order. Learn About The Trustico® Tracking System 🔗
You will need to generate a new Certificate Signing Request (CSR) from your server and submit it during the reissue process. After the reissue is processed by the Certificate Authority (CA), you will receive your new SSL Certificate files by e-mail and will need to install them on your server manually. Learn About How to Reissue Your SSL Certificate 🔗
If your license has expired and you need to purchase a new one, the renewal process is separate from reissue. Learn About SSL Certificate License Renewals 🔗
Reminders, Notifications, and Your Responsibility
Trustico® sends license expiry notices and general reminders on a best-effort basis. However, managing the validity of your installed SSL Certificate and your SSL Certificate license is ultimately the responsibility of the SSL Certificate holder.
E-mail reminders are not guaranteed to reach you. They may be caught by spam filters, delivered to an e-mail address that is no longer monitored, sent to a former employee who originally placed the order, or simply not delivered due to mail server issues. Customers with multiple SSL Certificate licenses - including multiple licenses for the same domain - may receive notices that are difficult to match to the correct order without checking the tracking system directly.
This is why relying on e-mail reminders alone is not a reliable approach to SSL Certificate management. The Trustico® tracking system displays all validity information for both your SSL Certificate license and your installed SSL Certificate at any time. You can log in and check expiry dates, reissue history, and license status whenever you need to. Learn About The Trustico® Tracking System 🔗
There are several ways to check the validity of your installed SSL Certificate and your license status. You can view the expiry date through your browser's padlock icon, check the SSL Certificate installation directly on your server through your hosting control panel, use command line tools like OpenSSL to query your domain remotely, or write scripts to monitor expiry dates across all of your domains automatically.
The Trustico® tracking system displays both your SSL Certificate validity and your license status in one place. The ordering system also provides downloadable calendar files that you can import into your calendar application to set your own reminders for upcoming expiry dates.
Important : Just as a business owner is responsible for keeping the electricity connected, the responsibility for maintaining a valid SSL Certificate sits with the website owner. Trustico® provides the SSL Certificate products, the tracking system, and the automation tools to make this straightforward. Whether you choose Certificate as a Service (CaaS) for fully automated management or prefer to manage your SSL Certificates manually, the tools are available - but the action must come from you or your server administrator.
The most effective way to eliminate this responsibility entirely is to use Certificate as a Service (CaaS). The Trustico® Certificate as a Service (CaaS) plugin handles reissue automatically. Once installed, you never need to think about SSL Certificate expiry again. This is the recommended approach for all customers. Learn About Traditional SSL Certificates vs Certificate as a Service (CaaS) 🔗
License Renewal vs SSL Certificate Reissue
License renewal and SSL Certificate reissue are two separate actions that serve different purposes. License renewal is a purchase you make when your license period expires, extending your coverage for another term. SSL Certificate reissue is a free action you take during an active license to obtain a fresh SSL Certificate with a new validity period. The table below outlines the key differences.
|
License Renewal |
SSL Certificate Reissue |
| Purpose |
License Purchase |
Utilizing Existing License |
| When Required |
License Period Expires |
Before SSL Certificate Expiry |
| Cost |
Chargeable |
Included - Free |
| Responsibility |
Customer |
Automatic or Customer |
| Certificate Signing Request (CSR) |
Required |
Automatic |
If your license period has ended and you need to purchase a new one, you can order and receive a new SSL Certificate through the Trustico® website within minutes. For additional assistance with this process, the Trustico® customer service team is happy to help.
If your license is still active and your installed SSL Certificate has simply expired, you do not need to renew. You need to reissue under your existing license at no additional cost.
Common Questions
The following questions address the most common situations customers encounter when managing their SSL Certificate licenses and SSL Certificate validity.
SSL Certificate Expired After 200 Days Despite a Two-Year License
You purchased a two-year SSL Certificate license. The SSL Certificate itself can only be valid for a maximum of 200 days due to industry regulations set by the Certification Authority/Browser (CA/B) Forum. Prior to March 2026, the maximum was 398 days (approximately 13 months), so customers who purchased before that date may have experienced their first expiry after roughly one year.
Your license is still active and you can reissue a new SSL Certificate under it at no additional cost through the Trustico® tracking system. If you are using Certificate as a Service (CaaS), this reissue happens automatically. Learn About The Trustico® Tracking System 🔗
Missing Expiry Reminders
Trustico® sends license expiry notices and general reminders on a best-effort basis, but these e-mails may be caught by spam filters, delivered to an outdated e-mail address, or sent to a former employee who originally placed the order.
Regardless of whether a reminder e-mail reaches you, the responsibility for monitoring SSL Certificate validity sits with the SSL Certificate holder. You can check your SSL Certificate expiry date at any time through your browser's padlock icon or by logging in to the Trustico® tracking system. Certificate as a Service (CaaS) eliminates this concern entirely by handling reissue automatically. Learn About The Trustico® Tracking System 🔗
Reusing a Certificate Signing Request (CSR) for Reissue
While it is technically possible to reuse a Certificate Signing Request (CSR), it is recommended to generate a new Certificate Signing Request (CSR) for each reissue. This creates a new Private Key, which is better security practice. If you are using Certificate as a Service (CaaS), the plugin generates new keys automatically during reissue.
Website Showing Security Warnings Despite an Active License
If your website is showing browser security warnings, your installed SSL Certificate has expired. This does not mean your license has expired - your license may still be active.
You need to reissue a new SSL Certificate under your existing license through the Trustico® tracking system. If you are using Certificate as a Service (CaaS) and your SSL Certificate expired, contact your server administrator to verify the plugin is installed and the reissue schedule is active. Learn About How to Reissue Your SSL Certificate 🔗
Checking Your SSL Certificate Expiry Date
There are multiple ways to check when your SSL Certificate expires. You should be using at least one of these methods regularly to ensure you are aware of upcoming expiry dates.
The simplest method is through your web browser. Click the padlock icon in your browser's address bar and view the SSL Certificate details. The expiry date is listed in the SSL Certificate information panel. This works in all major browsers including Chrome, Firefox, Safari, and Edge.
You can also check the SSL Certificate installation directly on your server. If you use cPanel, the SSL/TLS Status page shows the expiry date for every domain on your account. Other hosting control panels such as Plesk and DirectAdmin provide similar views. On servers without a control panel, the SSL Certificate files can be inspected directly through the server configuration.
Server administrators can use command line tools to check SSL Certificate expiry dates remotely. Running an OpenSSL command against your domain returns the full SSL Certificate details including the expiry date. This can be scripted to run automatically across all of your domains on a schedule, alerting you when any SSL Certificate is approaching expiry.
Online SSL Certificate checking tools provide another option. Trustico® offers an SSL Certificate checker at tools.trustico.com that displays the full SSL Certificate chain, expiry date, and installation status for any domain. Learn About SSL Certificate Tools and Utilities 🔗
The Trustico® tracking system shows both your SSL Certificate validity and your license validity in one place. You can log in at any time to view expiry dates, reissue history, and license status across all of your orders. This is the single best place to check the status of everything associated with your Trustico® purchases. Learn About The Trustico® Tracking System 🔗
The Trustico® ordering system provides downloadable calendar files when you place an order. Import these into your calendar application to set reminders well ahead of expiry dates. This gives you a personal safety net that does not depend on e-mail delivery.
If you are using the Trustico® Certificate as a Service (CaaS) cPanel plugin, the coverage tables in the plugin show the expiry date and days remaining for each domain on your account. With Certificate as a Service (CaaS) managing reissue automatically, these dates are informational only - the plugin handles everything before expiry is reached.
Tip : Certificate as a Service (CaaS) eliminates all of these concerns. The plugin reissues your SSL Certificate automatically before it expires, generates new keys for each reissue, and requires no manual intervention. Once configured, your SSL Certificate is managed for the life of your license. Learn About Certificate as a Service (CaaS) Automation 🔗
