Troubleshooting CSR (Certificate Signing Request) for SSL certificates

While setting up or re-issuing a SSL certificate, a Certificate Signing Request (CSR) must be generated by the host to pass information between the Certificate Authority and web host. Here are tips for generating a valid CSR:

  • The domain has to exactly match the SSL certificate. If you purchased a wildcard, it would look like this: * . If the SSL just covers the main domain it would look like this: If the SSL covers a subdomain it would look like this:
  • A key of 2048 works best for Encryption Everywhere SSLs and most other SSLs provides. 
  • Be sure the contact information is valid and complete. 
  • Use a CSR checker like this one to make sure you meet the requirements of a valid CSR: 
  • SSLs can only be renewed a month before they expire, and they cannot be renewed if they have not been set up. 
  • You can only use one SSL on a domain or subdomain at a time.

If these suggestions is not solving your issue, please see the articles below or fill out our SSL Support form

Also, see: 

Have more questions? Submit a request


Please sign in to leave a comment.