Renewing an SSL certificate for GOV.UK
We use SSL on GOV.UK. This documentation covers how to renew wildcard SSL
publishing.service.gov.uk and the
subdomains. It is a task performed by Reliability Engineering.
Where these are bought from
GOV.UK’s SSL certificates are bought from Gandi. There are credentials for the
govuk account in the infra password store.
How to renew
- Log into Gandi using the credentials in the infra password store.
- Go to the account dashboard and find the list of SSL certificates on the account.
- Find the certificate you wish to renew and click Renew. You’ll want to
request a wildcard certificate (
*.publishing.service.gov.uk, for example).
- Go through the steps on the renewal form until you reach a page requesting a Certificate Signing Request.
- Generate a Certificate Signing Request (CSR) for a renewal.
- Upload the CSR to Gandi by pasting the contents of the .csr file into the text box.
- Next, choose DNS validation to validate it.
- Pay for it - we don’t have a stored payment method, so find the person with the GOV.UK credit card.
More about Environments
- Add a disk to a vCloud machine
- Create a new environment for GOV.UK
- Generate a Certificate Signing Request (CSR) for GOV.UK
- GOV.UK's environments (integration, staging, production)
- Move apps between servers
- Reboot a machine
- Remove a machine
- Reprovision a machine
- Set up a new mirror for GOV.UK
- Update Pingdom IP ranges