Reissue certificate


Use this endpoint to reissue a certificate. A certificate reissue replaces the existing certificate with a new one that has different information, such as a different common name, CSR, or signature hash.

End of 2-year public SSL/TLS certificates

The Services API no longer issues public SSL/TLS certificates with a validity period greater than 397 days.

When you reissue a public SSL/TLS certificate that has a validity greater than 397 days, the validity period of the reissued certificate is shortened to 397 days or to the time that remains on the order, whichever is sooner. To use the remaining validity included with the original certificate order, reissue the certificate again during the order's final 397-day period.

To learn more about this change, see End of 2-year DV, OV, EV Public SSL/TLS Certificates.

When you reissue a certificate for a Multi-year Plan, you can set a new expiration date for the reissued certificate. For more information, see Multi-year Plans.

curl -X POST \
  '{{order_id}}/reissue' \
  -H 'Content-Type: application/json' \
  -H 'X-DC-DEVKEY: {{api_key}}' \
  -d '{
  "certificate": {
    "common_name": "",
    "dns_names": [
    "csr": "<csr>",
    "server_platform": {
      "id": 2
    "signature_hash": "sha256"
import requests

url = "{{order_id}}/reissue"

payload = "{\n  \"certificate\": {\n    \"common_name\": \"\",\n    \"dns_names\": [\n        \"\"\n    ],\n    \"csr\": \"<csr>\",\n    \"server_platform\": {\n      \"id\": 2\n    },\n    \"signature_hash\": \"sha256\"\n  }\n}"
headers = {
    'X-DC-DEVKEY': "{{api_key}}",
    'Content-Type': "application/json"

response = requests.request("POST", url, data=payload, headers=headers)

package main

import (

func main() {

	url := "{{order_id}}/reissue"

	payload := strings.NewReader("{\n  \"certificate\": {\n    \"common_name\": \"\",\n    \"dns_names\": [\n        \"\"\n    ],\n    \"csr\": \"<csr>\",\n    \"server_platform\": {\n      \"id\": 2\n    },\n    \"signature_hash\": \"sha256\"\n  }\n}")

	req, _ := http.NewRequest("POST", url, payload)

	req.Header.Add("X-DC-DEVKEY", "{{api_key}}")
	req.Header.Add("Content-Type", "application/json")

	res, _ := http.DefaultClient.Do(req)

	defer res.Body.Close()
	body, _ := ioutil.ReadAll(res.Body)


var request = require("request");

var options = { method: 'POST',
  url: '{{order_id}}/reissue',
   { 'Content-Type': 'application/json',
     'X-DC-DEVKEY': '{{api_key}}' },
   { certificate: 
      { common_name: '',
        dns_names: [ '' ],
        csr: '<csr>',
        server_platform: { id: 2 },
        signature_hash: 'sha256' } },
  json: true };

request(options, function (error, response, body) {
  if (error) throw new Error(error);

201 Created
  "id": 112233,
  "requests": [
      "id": 332211
201 Created (skip_approval)
  "id": 112233,
  "certificate_id": 111112

Request parameters

Name Req/Opt Type Description
certificate required object Details about the certificate.
.. common_name required string Domain to be secured.
.. dns_names optional array Additional domains to be secured.
.. csr required string Certificate signing request (CSR).
See Glossary – CSR requirements
.. server_platform optional object Server platform type.
Required for code signing certificate orders.
Default: -1 (other)
.. .. id required int Server platform ID.
See Glossary – Server platforms
.. cert_validity optional object Defines the validity period of the reissued certificate.

If not provided, the validity period for the reissued certificate defaults to the time remaining in the Multi-year Plan or the maximum certificate validity period defined by CA/B Forum baseline requirements, whichever is shorter.
This object is ignored for reissues that are not associated with a Multi-year Plan.
.. .. years optional int Number of years the certificate is valid after it is issued.
Can be replaced with cert_validity.days or cert_validity.custom_expiration_date.
Allowed value1
.. .. days optional int Number of days the certificate is valid after it is issued.
Overrides cert_validity.years.
.. .. custom_expiration_date optional string A custom expiration date for the certificate.
Overrides cert_validity.days and cert_validity.years.
Formatdd MMM YYYY (for example, "09 JUN 2021")
Range: Must be within 397 days of the date you request the certificate.
.. signature_hash required string Hash algorithm used to signing the certificate.
.. ca_cert_id optional string ID of the intermediate certificate authority (ICA) that you want to sign the certificate. If you do not provide a value for this parameter, we issue the certificate using the default ICA.

  • OV and EV flex certificates are the only public TLS/SSL certificates that support ICA selection. For a list of certificates with flex capabilities, see Flex certificates.
  • We ignore this parameter if ICA selection is not enabled for your account. To enable ICA selection, contact your account manager or the Support team.
  • Account administrators can limit the public ICAs you can select for each product. If you provide the ID of an ICA that is not allowed, the request returns an error. To get the IDs of allowed ICAs for products in your account, use the Product limits endpoint. To customize the allowed intermediates for a product that supports ICA selection, use the Settings > Product Settings page in the CertCentral console.
comments optional string Message about the reissue.
skip_approval optional bool Specify if the order should skip the approval step and be immediately submitted for validation and issued when complete.
Default: false

Response parameters

Name Type Description
id int Order ID.
certificate_id int Certificate ID.
Only returned if skip_approval is true.
requests array List of requests.
.. id int Request ID.