SSL certificates secure your website by enabling HTTPS and encrypting traffic between your server and visitors. From the Libyan Spider client area, you can issue a new SSL certificate for the first time or re-issue an existing certificate when a new CSR, server change, validation update, or CA policy change requires it.
Important Notice About New SSL Certificate Expiration Periods
Public SSL/TLS certificate lifetimes are being shortened under CA/Browser Forum rules. The maximum validity moves to 200 days starting March 15, 2026, 100 days starting March 15, 2027, and 47 days starting March 15, 2029. The same rules also shorten how long previously completed domain/IP validation can be reused: 200 days from March 15, 2026, 100 days from March 15, 2027, and 10 days from March 15, 2029.
Before you start
Before beginning the process, make sure you have:
- access to your Libyan Spider client area
- the SSL service listed under your account
- a valid CSR (Certificate Signing Request)
- access to one of the validation methods required for your domain
- correct contact or organization information, if applicable to the certificate type
Step 1: Log in to the client area
Log in to the Libyan Spider client area using your account credentials.
Step 2: Open the SSL certificate service
Go to Services or My Services, then open the SSL certificate product you want to manage.
Step 3: Start the Issue or Re-Issue process
Inside the SSL service page, choose the appropriate action:
- Issue Certificate for a new SSL that has not yet been activated
- Reissue Certificate if the SSL was already issued before and needs to be replaced or revalidated
The exact button name may vary slightly depending on the SSL product or the client-area theme.
Step 4: Enter the CSR and certificate details
You will usually be asked to provide:
- the CSR
- server or web server type
- administrative or technical contact details
- organization information, where applicable
- your preferred domain validation method
The CSR must be pasted exactly as generated.
CSR generation help
If you do not already have a CSR, you can generate one from your server or control panel. You may also use DigiCert’s OpenSSL CSR Wizard, which lets you enter the certificate details, then generates a customized OpenSSL command for you. DigiCert describes it as a CSR wizard for Apache “or any platform,” and the tool supports options such as RSA 2048, RSA 4096, and P-256.
A CSR typically includes:
- Common Name / domain name
- Subject Alternative Names, if needed
- Organization name
- Department
- City
- State / Province
- Country
Step 5: Choose the validation method
Depending on the certificate type and CA requirements, one of the following validation methods may be available:
Email validation
The CA sends an approval message to an authorized mailbox associated with the domain, such as:
- admin@
- administrator@
- hostmaster@
- webmaster@
- postmaster@
You must open the email and approve the request.
DNS validation
You add a DNS record exactly as instructed by the CA. Once the record propagates and is detected, validation can be completed.
File-based validation
You upload a validation file to a specific path on the website so the CA can confirm control of the domain.
Step 6: Complete validation
After submitting the request, complete the selected validation method and wait for the CA to approve the order.
Under the new rules, keeping domain validation current is increasingly important because the allowed reuse period for domain/IP validation is shrinking over time. For OV and EV certificates, DigiCert also advises keeping organization validation up to date.
Step 7: Install the certificate
Once the certificate is issued, it must be installed on the hosting service or server. Depending on your environment, installation may be automatic or manual.
After installation, test the website using https:// and confirm that the browser shows a valid secure connection.
Notes about the new expiration period and re-issuing
Due to updated CA and browser industry requirements, SSL certificate lifetimes are being reduced in phases. As a result, when you re-issue an SSL certificate, the newly issued certificate may have a shorter validity period than older certificates, and you may be asked to complete validation again depending on the certificate type and the age of previous validation data.
This does not necessarily mean your currently active certificate becomes invalid immediately. Existing certificates that were already issued remain trusted until their normal expiration date, but any new issue, reissue, or renewal may follow the newer lifetime limits in effect at the time of issuance.
Troubleshooting
The Issue/Reissue option is not visible
This may happen if the SSL product has not yet been activated, the service needs manual handling, or the product configuration does not expose self-service issuance in the client area.
Validation email was not received
Check spam folders, confirm that the selected mailbox exists and works, and verify that domain email routing is functioning correctly.
DNS validation is not completing
Make sure the record name and value were added exactly as instructed, then allow time for DNS propagation.
File validation failed
Check that the file was uploaded to the correct path and is publicly accessible without redirects or access restrictions.
The reissued certificate has a shorter expiry than expected
This may be normal under the new CA rules. From 2026 onward, newly issued or reissued certificates may be capped by the new maximum validity period in effect at the time of issuance. DigiCert specifically states that reissues after its February 24, 2026 operational cutoff can only be issued up to the newer shorter validity.
What this means for “Re-Issue”
Re-issuing an SSL certificate no longer always means you will receive a replacement certificate with the same kind of long expiry period you had before. Under the new CA rules, a reissued certificate may be issued with a shorter validity period based on the date it is reissued, not only the date the original order was placed. In practice, this means re-issuance may be required more often over time, and some validation steps may need to be completed again, especially for domain control.
For domain validation specifically, the CA/B Forum rules reduce how long prior validation can be reused. For organization/subject identity data, the Baseline Requirements show a 398-day reuse period from March 15, 2026, while domain/IP validation reuse becomes much shorter. This is why re-issue workflows increasingly depend on having current domain validation in place.
Frequently asked questions
Does re-issuing mean renewing?
No.
Renewal extends the service coverage period.
Re-issuing replaces the currently issued certificate within the existing order or coverage period.
Will I need to validate the domain again?
Possibly, yes. The CA/B Forum rules shorten the period during which domain/IP validation can be reused, so a reissue may require fresh validation depending on timing and certificate type.
Will every reissue have the same validity as before?
Not necessarily. A reissued certificate may follow the shorter maximum lifetime in effect on the date it is issued. DigiCert explicitly says reissues after its 2026 cutoff are affected by the new maximum validity.
Do old certificates stop working immediately because of the new rule?
No. DigiCert states that active certificates issued before the cutoff remain trusted until they expire normally.
