The renewal of an existing SSL certificate represents the issuance of a new certificate by the certificate authority (CA). This involves the submission of a new certificate signing request, the issuance of the new certificate by the authority, and the installation of the new certificate on the hosting server.

Generally, certificate authorities allow renewal only when a certificate is close to its expiration. Also, they would extend the validity of the new certificate so that it expires one year after the expiration date of the current certificate. Certificates issued on or after September 1, 2020 should have a lifetime of 398 days or less, otherwise they won't be trusted by most browsers.

The certificate authorities that we use allow certificate renewals 33 days or less until the certificate expiration date.

If you attempt to renew a certificate sooner than the allowed renewal periods, you might see a "This certificate cannot be renewed at the moment" error message in the administrative interface. In this case, you need to allow more time and go through the renewal process again within the renewal period.