# Update SSL Certificate

The guide below outlines the steps you need to accomplish to update the already issued SSL certificate for your service with new custom ADN or CDN domain names.

{% hint style="success" %}
 If you require certificate renewal due to its impending expiration and you have the ***Auto-Renew*** option disabled, you need to re-issue it by following the [Issue SSL Certificate](https://docs.edgeport.com/product-docs/start-guide/issue-ssl-certificate) guide.
{% endhint %}

1. To update the domains list, navigate to the corresponding **Settings > EdgeSSL** service menu section and click the ***Edit*** option below the table with the details of your currently active certificate.

<figure><img src="https://539288051-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FrAkU8kT3556pTePJXRV3%2Fuploads%2FIuEym9qYR8U7VdmQEXnI%2Fimage3.png?alt=media" alt=""><figcaption></figcaption></figure>

2. In the opened frame, you’ll be displayed the list of domain names for which the current certificate is issued. Select the ***Add Domains*** below this list:

<figure><img src="https://539288051-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FrAkU8kT3556pTePJXRV3%2Fuploads%2FKcGqHN9CZ1166IlCfgJD%2Fimage1.png?alt=media" alt=""><figcaption></figcaption></figure>

3. Enter the required domain name within the shown pop-up window and click on **Add**.

<figure><img src="https://539288051-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FrAkU8kT3556pTePJXRV3%2Fuploads%2FOzymbQBjP9dJnbWYjFSF%2Fimage7.png?alt=media" alt="" width="401"><figcaption></figcaption></figure>

Repeat this step to add all the necessary custom ADN and CDN domains according to the [CNAMEs](https://docs.edgeport.com/product-docs/start-guide/issue-ssl-certificate/broken-reference) you’ve set up for your project.

4. Once your list of domains is complete, click **Save** at the bottom frame part.

<figure><img src="https://539288051-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FrAkU8kT3556pTePJXRV3%2Fuploads%2F3zOtt97C5EMA1z04f6ag%2Fimage5.png?alt=media" alt=""><figcaption></figcaption></figure>

The frame will be closed, and you’ll see the *Pending DNS Validation Token* status displayed next to the ***EdgeSSL*** option, indicating that the process of generating a new token has started.

<figure><img src="https://539288051-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FrAkU8kT3556pTePJXRV3%2Fuploads%2F2phg3M65fE8coT8roZ10%2Fimage2.png?alt=media" alt=""><figcaption></figcaption></figure>

You’ll need to wait up to 5 minutes for this process to be carried out.

5. Once the abovementioned status has disappeared, select the **Enable SSL** button again.

In the ensuing frame, you’ll notice that the status for all your provided domain names has been changed to *Awaiting Certificate Authority*.

<figure><img src="https://539288051-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FrAkU8kT3556pTePJXRV3%2Fuploads%2FUiIdzRMMYPiwhNNmiQty%2Fimage4.png?alt=media" alt=""><figcaption></figcaption></figure>

Here, you should locate the newly generated validation token (circled in the image above) and copy it to your clipboard.

6. Next, proceed with the update of your DNS settings using the received token.

If you are using the embedded Edgeport’s DNS Routing solution, navigate to the ***Routing*** menu section to the left and click the **Add New Record** button.

<figure><img src="https://539288051-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FrAkU8kT3556pTePJXRV3%2Fuploads%2FOJm6bboiZK0y9n1GdxuD%2Fimage6.png?alt=media" alt=""><figcaption></figcaption></figure>

{% hint style="info" %}
For those employing an alternative DNS service, kindly adhere to their respective instructions. The process will be identical to the one initially executed during the certificate's deployment.
{% endhint %}

In the displayed pop-up, choose the ***TXT (Text)*** record **Type** and fulfill the rest of the fields as follows:

<figure><img src="https://539288051-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FrAkU8kT3556pTePJXRV3%2Fuploads%2FCQRxfSGORiPxKpUV3wr0%2Fimage9.png?alt=media" alt="" width="446"><figcaption></figcaption></figure>

* **Name** - point it to your project’s hostname by entering an ampersand (*@*);
* **TTL** - specify the number of seconds the record should remain cached on a server upon being requested (*60* is recommended);
* **Value** - paste the validation token body you previously copied.

Click on **Save**.

{% hint style="info" %}
The previously created TXT record associated with the former validation token can be safely removed - this won't impact your service's security in any way.
{% endhint %}

7. After the DNS configuration is updated, the deployment of the new SSL certificate will commence automatically, and no additional actions are required on your part.

To monitor the progress, return to the **Settings > EdgeSSL** service menu section.

{% hint style="info" %}
Please keep patience, as the entire process may take up to 6 hours to complete.
{% endhint %}

<figure><img src="https://539288051-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FrAkU8kT3556pTePJXRV3%2Fuploads%2FcNqv7vy4WPdMDiv5uiZP%2Fimage8.png?alt=media" alt=""><figcaption></figcaption></figure>

The SSL setup is considered complete when you are shown the new SSL certificate details, with all of your recently added domains being meticulously listed within the corresponding section and the "*Certification Deployment done successfully!*" message displayed above.