Changes to SSL Certificates

1. What is changing with SSL certificate lifetimes?

DigiCert and Sectigo, two providers of SSL certificates, will shorten the maximum lifetime of each SSL certificate issued via Moniker. The change takes effect on 24 February 2026 for DigiCert and on 12 March 2026 for Sectigo.

  • Each individual SSL certificate will be valid for up to 199 days (a little over 6 months).
  • Your SSL product / order term (e.g. “1 year” on the invoice) stays the same – but that 1-year period will now be covered by multiple shorter certificates instead of one long one.

Your 1 year SSL order will therefore typically involve:

  • First certificate: up to 199 days.
  • At least one reissue during the year to get a new certificate for the rest of the order period.

Existing certificates issued before this change keep the validity they were issued with; the new rules apply to new, renewed and reissued certificates from 24 February 2026 (DigiCert) and 12 March 2026 (Sectigo) onwards.

2. Why is my certificate valid for less than 1 year when I bought a 1-year SSL product?

What you bought and what the browser sees are slightly different things:

  • Your SSL product / contract (shown on your invoice as “1 year”) defines how long your order is active with Moniker.
  • The SSL certificate that is installed on your server now has a shorter lifetime (up to 199 days).

Because of the new industry rules:

  • You still get up to 1 year of SSL service for your domain.
  • But that year is delivered as several certificates (starting with one, then one or more reissues) instead of one single 1-year certificate.

So seeing a certificate that expires in ~6 months is expected behaviour even though you purchased a 1-year SSL product.

3. How often do I need to reissue my SSL certificate?

Key points:

  • Maximum certificate lifetime: 199 days
  • Typical order length: 1 year

This means:

  • Within a 1 year SSL order, you will need at least one reissue to cover the full year.
  • You can reissue more often if you want (for example, when changing servers or keys), but no single certificate can exceed 199 days.
  • To keep your website secure and uninterrupted, you should always reissue and install the new certificate before the current one expires.

In practice, for a 1-year order you should plan to:

  1. Install the initial certificate (valid up to 199 days).
  2. Before that certificate expires, reissue and install a new certificate.
  3. If needed, repeat until the order expiration date is reached.

Your order remains active for the full year; each reissue just gives you a new certificate within that same order period.

4. What do I need to do to reissue my SSL certificate?

Below is a step-by-step guide based on the current Moniker SSL management flow.

Step 1 – Log in and open SSL management

  1. Go to https://moniker.com and log in.
  2. Navigate to “SSL Certificates” → “Manage certificates”.

Step 2 – Select the certificate to reissue

  1. In the list, find your SSL certificate with Status = Active.
  2. Click “Details” (or the “Reissue” button if available).

Step 3 – Generate a new CSR on your server

  1. On your web server or hosting control panel, generate a new CSR (Certificate Signing Request) for the domain.
  2. Use the same Common Name (CN) (e.g. www.example.com or example.com) and key size (typically 2048-bit RSA).
  3. Copy the CSR text (including the -----BEGIN CERTIFICATE REQUEST----- / -----END CERTIFICATE REQUEST----- lines).

If you’re unsure how to generate a CSR, ask your server admin / hosting provider or consult your platform’s documentation.

Step 4 – Submit the CSR

  1. Paste the new CSR into the CSR field on the Moniker reissue page.
  2. Check that the domain name and details are correct.
  3. Continue to the Domain Control Validation (DCV) step.

Step 5 – Complete domain validation (DCV)

You must confirm that you control the domain again (because the CSR changed):

  1. Choose your DCV method (recommended: DNS CNAME):
    • If your domain is registered with Moniker and uses our DNS, a CNAME record may be created automatically for you.
    • Otherwise, you will see the CNAME record values that you need to add at your DNS provider.
  2. If DNS is not suitable, you can alternatively choose:
    • Email validation (to an approved address like admin@your-domain) or
    • File-based validation (upload a file to your web server), if offered.
  3. After setting up the chosen DCV method, click “Start verification”.

Step 6 – Wait for issuance and download the new certificate

  1. Once DCV is successful, the certificate status will change to Active in SSLCertificates-manage.html.
  2. You will also receive an email containing the new SSL certificate and CA chain (if not caught by spam filters).

Step 7 – Install the new certificate on your server

  1. Install the new certificate and CA chain on your server, replacing the old certificate.
  2. Restart or reload your web server if required.
  3. Verify via your browser or an SSL checker that:
    • The new expiry date is shown.
    • There are no certificate warnings.
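
The server-side commands behind Steps 3 and 7, as an added example that is not part of Moniker's documentation. It assumes the openssl command line is installed; the function names, file names, www.example.com and the self-signed certificate used in the demo are constructed stand-ins.

```bash
#!/usr/bin/env bash
# Added example, not Moniker tooling. File names and CN are placeholders.

# make_csr <common-name> <key-out> <csr-out>
# New 2048-bit RSA key plus a CSR carrying the same CN as the current cert.
make_csr() {
  ( umask 077   # private key readable by its owner only
    openssl req -new -newkey rsa:2048 -nodes \
      -keyout "$2" -out "$3" -subj "/CN=$1" 2>/dev/null ) || return 1
  # Self-signature check catches a truncated CSR before it is pasted.
  openssl req -in "$3" -noout -verify 2>&1 | grep -q "verify OK"
}

# pubkey_of <req|x509> <file>: PEM public key embedded in a CSR or cert.
pubkey_of() { openssl "$1" -in "$2" -noout -pubkey; }

# matches_key <req|x509> <file> <key>: the CSR or certificate belongs to
# this private key. Run it on the reissued cert before installing (Step 7).
matches_key() {
  [ "$(pubkey_of "$1" "$2")" = "$(openssl pkey -in "$3" -pubout)" ]
}

# expires_within <cert> <days>: true when the cert expires inside the window.
# An unreadable file also counts as expiring, so a monitor fails closed.
expires_within() {
  ! openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# Constructed demo: a self-signed 199-day cert stands in for the CA's reply.
demo() {
  local d rc=0
  d=$(mktemp -d) || return 1
  make_csr www.example.com "$d/new.key" "$d/new.csr" &&
    matches_key req "$d/new.csr" "$d/new.key" &&
    openssl x509 -req -in "$d/new.csr" -signkey "$d/new.key" \
      -days 199 -out "$d/new.crt" 2>/dev/null &&
    matches_key x509 "$d/new.crt" "$d/new.key" &&
    ! expires_within "$d/new.crt" 30 &&
    expires_within "$d/new.crt" 200 || rc=1
  rm -rf "$d"
  return "$rc"
}

if command -v openssl >/dev/null 2>&1; then
  demo && echo "CSR, key and 199-day certificate are consistent"
fi
```

Running expires_within from a scheduled job with a window of a few weeks gives early notice that the next reissue is due.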

 

5. What happens if I don’t reissue within the certificate’s lifetime?

If you do not reissue and install a new certificate before the current one expires:

  • Your certificate expires.
  • Visitors will see browser security warnings (expired certificate).
  • Your website may effectively be offline for many users (they will be strongly warned or blocked by their browser).
  • This can lead to lost traffic, lost sales, or trust issues, even though:
    • Your SSL order / contract may still be active in Moniker.

You can usually still reissue a new certificate while the order is active, but:

  • There will be a gap between the old certificate’s expiry and the installation of the new one.
  • During that gap, visitors see warnings or errors.

To avoid any downtime, always:

  • Monitor the certificate expiry date, and
  • Reissue and install the new certificate well before it expires.

 

6. Does this change the price or length of my contract?

No.

  • The price of your SSL product and the length of your contract / order term (e.g. 1 year) do not change.
  • What changes is only the maximum validity of each individual SSL certificate, which is now limited to 199 days.
  • Within that same paid term, you will:
    • Receive the initial certificate, and
    • Perform one or more reissues to keep your site covered for the full duration of your order.

So you keep:

  • The same contract length
  • The same pricing

…with the operational change that you now need to reissue and reinstall your SSL certificate at least once during each 1-year period.

 

7. Where can I see the relevant dates in my account?

Expiration Date and Paid Until are both shown in the overview of all certificates as well as on each individual certificate’s detail page. The Expiration Date indicates the last day you can reissue the certificate before it expires. The Paid Until date is the final date until which you can perform free reissues; after this date, you will need to renew the certificate instead of reissuing it. 
