Boris Masis

If you’ve ever setup an SSL certificate you know that its a hassle. Renewing your SSL certificate is likewise un-intuitive and takes more steps than it should. It turns out that paying for a certificate renewal does not automatically renew the certificate you have installed, you actually have to install the renewed copy.

Our setup involves a wildcard GoDaddy SSL certificate hosted on IIS6. The renewal process goes something like this:

1. You then have to go to “Manage Certificate” in Godaddy and request a renewal.
2. Generate the CSR in IIS:
   • Go to the “Directory Security” tab for SSL site in IIS.
   • Click the “Server Certificate.” button (located in the “Secure communications” area)
   • Click “Next” in the Welcome to the “Web Server Certificate Wizard” window.
   • Select “Renew”; then click “Next.”
   • Select “Prepare the request now, but send it later” and click “Next.”
   • Paste the CSR into the Godaddy form.
3. Godaddy will issue the new certificate (you should get an email instantaneously)
4. Process the pending request in IIS using the .crt file sent by GoDaddy.
5. Select “replace the current certificate” and select the certificate with the new expiration date.
6. If you’re using a wildcard certificate and want to use it with other sites select “export the current certificate to a .pfx file”
7. To use the exported wildcard certificate on a different website you will first need to remove the current certificate on that website and then import the one from the .pfx (there will be momentary downtime while you do this).