Renewing a Certificate

Typically, you renew a certificate when it nears expiration. You might also renew a certificate because the metadata needs to change, a certificate in the certificate chain suffers a security breach, or you have a new CA. You can even renew a certificate to roll back to a previous version.

Renewing a certificate creates another certificate version. A new certificate version has new certificate contents and a new validity period. The length of the new certificate version's validity period is derived from the validity period that you specified when you created the certificate.

You can configure automated renewal for certificates that you both issued and manage by using the Certificates service. For imported certificates and certificates with a private key that you manage externally, you can't use the service to automatically renew the certificate, but you can update the certificate with new Privacy Enhanced Mail (PEM) files. For more information, see Updating a Certificate PEM.

Note

Older certificate versions aren't automatically deleted when you create new certificate versions. You might need to periodically delete certificate versions to avoid reaching service limits. If you reach service limits for certificates or certificate versions in a certificate, you can't create more certificate versions.

    1. Open the navigation menu and click Identity & Security.
    2. Under Certificates, click Certificates.
    3. From the list of certificates in the compartment, click the name of the certificate that you want to update.

      To find a certificate in a different compartment, under List scope, choose a different compartment.

    4. Under Versions, click Renew Certificate.
    5. Do one of the following:
      • If you want the certificate to be valid immediately and replace the existing certificate version as the current version, leave Not Valid Before blank.
      • If you want the new certificate version to become valid later, click Not Valid Before and specify the date.
    6. Click Not Valid After and specify the date after which the certificate is no longer valid. When a certificate expires, unless it's configured with automatic renewal to create another certificate version, it can no longer be used.
    7. (Optional) By default, renewing a certificate makes it the current certificate version. To create the certificate version without putting it directly into active use, select the Set to Pending check box.
    8. Click Renew Certificate.
  • Use the oci certs-mgmt certificate update-certificate-managed-internally command and required parameters to renew a certificate:

    oci certs-mgmt certificate update-certificate-managed-internally --certificate-id <certificate_OCID> --validity <version_validity_period_JSON>

    For example:

    oci certs-mgmt certificate update-certificate-managed-internally --certificate-id ocid1.certificate.oc1.<region>.<unique_ID> --validity file://path/to/validity.json

    For a complete list of flags and variable options for CLI commands, see the CLI Command Reference.

  • Run the UpdateCertificate operation to renew a certificate.
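
The CLI example above passes `--validity file://path/to/validity.json` without showing the file. The following added example (not part of the original documentation) builds that file with the same choices as the Console steps: Not Valid After is required, and Not Valid Before is omitted for a version that is valid immediately. The key names `timeOfValidityNotAfter` and `timeOfValidityNotBefore` are taken from the Certificates API `Validity` type rather than from this page, and the helper names are hypothetical.

```python
import json
from datetime import datetime, timedelta, timezone


def _rfc3339(ts):
    """Format a timezone-aware datetime as an RFC 3339 UTC timestamp."""
    if ts.tzinfo is None:
        raise ValueError("timestamp must be timezone-aware")
    return ts.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")


def build_validity(not_after, not_before=None, now=None):
    """Build the validity document for a renewed certificate version.

    not_before=None mirrors leaving Not Valid Before blank in the Console:
    the key is omitted, so the new version is valid immediately.
    """
    now = now or datetime.now(timezone.utc)
    doc = {"timeOfValidityNotAfter": _rfc3339(not_after)}
    if not_before is not None:
        doc["timeOfValidityNotBefore"] = _rfc3339(not_before)
    # Catch an empty or inverted validity window before calling the service.
    if not_after <= (not_before or now):
        raise ValueError("Not Valid After must be later than the validity start")
    return doc


def write_validity(path, doc):
    """Write the document to the file that --validity file://<path> points at."""
    with open(path, "w", encoding="utf-8") as fh:
        json.dump(doc, fh, indent=2)
        fh.write("\n")
    return path


def renew_command(certificate_id, validity_path):
    """Return the CLI invocation from this page as an argument list."""
    return ["oci", "certs-mgmt", "certificate",
            "update-certificate-managed-internally",
            "--certificate-id", certificate_id,
            "--validity", "file://" + validity_path]


if __name__ == "__main__":
    # Constructed sample: a 90-day version that becomes valid in 7 days.
    start = datetime.now(timezone.utc) + timedelta(days=7)
    doc = build_validity(start + timedelta(days=90), not_before=start)
    path = write_validity("validity.json", doc)
    # Placeholder OCID, as on the page; substitute the real certificate OCID.
    print(" ".join(renew_command("ocid1.certificate.oc1.<region>.<unique_ID>", path)))
```

Run as a script, it writes `validity.json` and prints the command to run; it does not call the service itself.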