Skip to content

Back to blog

Introducing `sslmate reissue` and `sslmake revoke`

Hopefully the Internet won't ever see another Heartbleed, but nevertheless SSLMate believes you should be prepared to deal with a Heartbleed-like event—that is, an event requiring a mass regeneration of your private keys and certificates—with the least amount of delay and hassle.

Thus, SSLMate is proud to announce the availability of two new sslmate commands: sslmate reissue and sslmate revoke. When you need to reissue an SSLMate certificate, there's no need to fumble around with confusing openssl commands and copy-and-pasting CSR blobs into over-complicated certificate authority websites. Instead, you simply run:

sslmate reissue www.example.com

A new private key will be automatically generated. Within 30 to 60 seconds, you'll receive an approval email at the same email address used to approve the certificate at time of purchase. Once you've followed the instructions in the approval email, sslmate will download the new certificate to your server and return you to the shell prompt. In all, certificate reissues take around 60 seconds, and can be scripted if you need to reissue many certificates en masse.

Once you've reissued a certificate and restarted your web server, you can revoke your old certificate. Revocation is a separate step from reissuance so that you have a chance to install and test the new certificate. To revoke a certificate, just run:

sslmate revoke www.example.com

For more information about reissuing and revoking certificates, see our help section.

One more thing: reissuing and revoking certificates is completely free.