How To Use Old CSR For SSL Certificate Renewal

Can you use old CSR when renewing an SSL certificate? Technically, you can however, there are important considerations. When renewing an SSL certificate on your Hosted.com® hosting account, you may wonder whether you can reuse the original Certificate Signing Request (CSR). Understanding how CSRs work is important for maintaining the security and integrity of your SSL certificate during renewal.

What is a CSR?

A Certificate Signing Request (CSR) is a block of encoded text generated on your server that contains information about your domain and your company. It is used by Certificate Authorities (CAs) to issue an SSL certificate. The CSR includes the public key, which will be paired with a private key stored securely on your server.

Can You Use an Old CSR?

Technically, you can use the old CSR when renewing an SSL certificate. However, there are important considerations:

• Security Best Practice: Reusing the old CSR also reuses the same public/private key pair. For optimal security, it is recommended to generate a new CSR to create a new key pair, reducing the risk of key compromise.
• Renewal Compatibility: Some Certificate Authorities require a new CSR during renewal to ensure that the SSL certificate uses a fresh key pair. Always check the CA requirements.
• Wildcard or Multi-Domain SSLs: If your SSL certificate covers multiple domains or subdomains, generating a new CSR ensures that all domain information is current and correctly included.

How to Generate a New CSR in cPanel

1. Login to Your Hosted.com® Account

2. Go to the Manage Services drop-down section and choose your hosting plan. Then click Manage next to your domain.

3. Click Login next to Control Panel to open cPanel.

4. In cPanel, go to Security → SSL/TLS → Certificate Signing Requests (CSR).

Generate a New CSR

5. Fill in your domain name, company details, and contact information.

6. Select a key size (2048-bit is standard).

7. Click Generate to create a new CSR and private key.

Use the CSR for Renewal

8. Submit the new CSR to your Certificate Authority when renewing your SSL certificate. After issuance, install the renewed certificate via cPanel.

Additional Information

• Private Key Security: Always keep the private key generated with your CSR secure. Do not share it publicly.
• Reusing Old CSR: If you reuse an old CSR, ensure the private key has not been compromised and meets current security standards.
• Verification: After renewal, check that the SSL certificate is correctly installed and covers all domains and subdomains.
• Let’s Encrypt / AutoSSL: For Hosted.com® AutoSSL certificates, the system typically handles CSR generation automatically, eliminating manual steps.
• Security Tip: Regularly rotate SSL keys and certificates to maintain optimal website security.
• Troubleshooting: If the SSL certificate fails to install after renewal, verify the CSR, private key, and CA instructions, or contact Hosted.com® support for assistance.