Rekey a Certificate
Rekeying a certificate generates a new key and certificate with the same name and expiration date as a previously-purchased certificate. Rekeys are free, and can be used if a key has been lost or compromised.
sslmate rekey HOSTNAME
HOSTNAME is the name of an active certificate on your account that you want to reissue.
sslmate rekey, you'll have new key and certificate files in the
your key and cert directories. Be sure to restart your web server so
it loads these new files.
Once you've installed your new certificate, you should revoke your old certificate, as described below.
Revoke a Certificate
Revoking a certificate causes clients to reject the certificate, which can be used if a certificate's private key is compromised. However, be aware that not all clients check for revocation, and most web browsers check for revocation in a way that can be circumvented by an attacker. Therefore, revocation is not an airtight way to prevent a compromised key from being used.
Before revoking your certificate, you should rekey it as described above. Be sure to install your new certificate before revoking the old one, or visitors will be unable to access your site.
sslmate revoke HOSTNAME
HOSTNAME is the name of an active certificate on your account that you want to revoke.
sslmate revoke revokes only old certificates.
The most recent certificate is not revoked. To revoke even the most
recent certificate, pass the
--all option to
sslmate revoke --all HOSTNAME). Warning:
if you use
--all, SSLMate will no longer be able to issue new certificates
for this hostname unless you buy a brand new certificate. Generally, to revoke a
certificate, you should first rekey it with the rekey command and then use
--all. Only use
--all if you no longer need any certificates for a hostname.
Revocations are free.