Renewing a Certificate
Typically, you renew a certificate when it nears expiration. You might also renew a certificate because the metadata needs to change, a certificate in the certificate chain suffers a security breach, or you have a new CA. You can even renew a certificate to roll back to a previous version.
Renewing a certificate creates another certificate version. A new certificate version has new certificate contents and a new validity period. The length of the new certificate version's validity period is derived from the validity period that you specified when you created the certificate.
You can configure automated renewal for certificates that you both issued and manage by using the Certificates service. For imported certificates and certificates with a private key that you manage externally, you can't use the service to automatically renew the certificate, but you can update the certificate with new Privacy-Enhanced Mail (PEM) files. For more information, see Updating a Certificate PEM.
Older certificate versions aren't automatically deleted when you create new certificate versions. You might need to periodically delete certificate versions to avoid reaching service limits. If you reach service limits for certificates or certificate versions in a certificate, you can't create more certificate versions.
Use the oci certs-mgmt certificate update-certificate-managed-internally command and required parameters to renew a certificate:
oci certs-mgmt certificate update-certificate-managed-internally --certificate-id <certificate_OCID> --validity <version_validity_period_JSON>
For example:
oci certs-mgmt certificate update-certificate-managed-internally --certificate-id ocid1.certificate.oc1.<region>.<unique_ID> --validity file://path/to/validity.json
For a complete list of flags and variable options for CLI commands, see the CLI Command Reference.
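The validity file passed to --validity in the command above can be generated instead of written by hand. The following is an added example, not part of the Oracle documentation: it builds the file, checks the requested period, and prints the renewal command unless RUN=1 is set. It assumes GNU date and that the validity JSON uses the keys timeOfValidityNotBefore and timeOfValidityNotAfter; the function names, VALIDITY_FILE, and the MAX_VALIDITY_DAYS cap are hypothetical.

```shell
#!/bin/sh
# Added example, not Oracle's code. Assumes GNU date and that the --validity
# JSON uses the keys timeOfValidityNotBefore / timeOfValidityNotAfter.

MAX_VALIDITY_DAYS="${MAX_VALIDITY_DAYS:-365}"   # hypothetical local policy cap

# validity_json <not_before_epoch> <days>
# Prints the validity object with RFC 3339 UTC timestamps; returns 1 on bad input.
validity_json() {
  case "$1" in ''|*[!0-9]*) echo "start must be epoch seconds" >&2; return 1 ;; esac
  case "$2" in ''|0*|*[!0-9]*) echo "days must be a positive integer" >&2; return 1 ;; esac
  if [ "$2" -gt "$MAX_VALIDITY_DAYS" ]; then
    echo "days must not exceed $MAX_VALIDITY_DAYS" >&2
    return 1
  fi
  vj_end=$(( $1 + $2 * 86400 ))
  printf '{"timeOfValidityNotBefore": "%s", "timeOfValidityNotAfter": "%s"}\n' \
    "$(date -u -d "@$1" +%Y-%m-%dT%H:%M:%SZ)" \
    "$(date -u -d "@$vj_end" +%Y-%m-%dT%H:%M:%SZ)"
}

# renew_cert <certificate_OCID> <days>
# Writes the validity file, then prints the renewal command (dry run) or,
# with RUN=1, executes it.
renew_cert() {
  case "$1" in
    ocid1.certificate.*) ;;
    *) echo "not a certificate OCID: $1" >&2; return 1 ;;
  esac
  rc_file="${VALIDITY_FILE:-$PWD/validity.json}"
  # Build the JSON first so a rejected period never leaves an empty file behind.
  rc_json=$(validity_json "$(date -u +%s)" "$2") || return 1
  printf '%s\n' "$rc_json" > "$rc_file"
  set -- oci certs-mgmt certificate update-certificate-managed-internally \
    --certificate-id "$1" --validity "file://$rc_file"
  if [ "${RUN:-0}" = "1" ]; then "$@"; else echo "$*"; fi
}

# Stand-alone use: ./renew.sh <certificate_OCID> <days>
if [ "$#" -ge 2 ]; then renew_cert "$1" "$2"; fi
```

Review the printed command and the generated file before rerunning with RUN=1, because each successful run creates another certificate version that counts toward the service limits described above.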
Run the UpdateCertificate operation to renew a certificate.