---
id: renewal
title: Renewal Process
description: Certificates expire to ensure security rotation. TrustLab simplifies the renewal process so you don't experience downtime.
---

# Renewal Process

Certificates expire to ensure security rotation. TrustLab simplifies the renewal process so you don't experience downtime.

## When to Renew
You will receive an email notification:
- **30 days** before expiration.
- **7 days** before expiration.
- **1 day** before expiration.

## How to Renew (Manual Re-issue)

To renew a certificate, you simply generate a fresh one with the same domain name.

1.  Go to **Certificates** and click **"Generate New"**.
2.  **Identity**: Enter the **same Common Name (CN)** as your expiring certificate.
3.  **Generate**: The system will issue a new certificate with a fresh validity period.
4.  **Replace**: Download the new `.crt` (and `.key` if you didn't reuse the CSI) and replace the files on your server.

> [!NOTE]
> The old certificate will remain valid until it expires naturally. You can safely delete it after verifying the new one works.

## What Happens Next?
- A **new certificate** is generated with a new validity period.
- The **Private Key** remains the same (if "Reuse Key" was selected) OR a new key is generated (recommended).
- The old certificate remains valid until its original expiration date (unless revoked).

> [!IMPORTANT]
> You must **download and install the new certificate** on your server. Renewal **does not** happen automatically on the server side unless you use our ACME integration.