Table of contents

Renewing an SSL certificate for GOV.UK

We use SSL on GOV.UK. This documentation covers how to renew wildcard SSL certificates for publishing.service.gov.uk and the integration and staging subdomains. It is a task performed by Reliability Engineering.

Where these are bought from

GOV.UK’s SSL certificates are bought from Gandi. There are credentials for the govuk account in the infra password store.

How to renew

  1. Log into Gandi using the credentials in the infra password store.
  2. Go to the account dashboard and find the list of SSL certificates on the account.
  3. Find the certificate you wish to renew and click Renew. You’ll want to request a wildcard certificate (*.publishing.service.gov.uk, for example).
  4. Go through the steps on the renewal form until you reach a page requesting a Certificate Signing Request.
  5. Generate a Certificate Signing Request (CSR) for a renewal.
  6. Upload the CSR to Gandi by pasting the contents of the .csr file into the text box.
  7. Next, choose DNS validation to validate it.
  8. Pay for it - we don’t have a stored payment method, so find the person with the GOV.UK credit card.
This page was last reviewed . It needs to be reviewed again by the page owner #govuk-2ndline.