Skip to main content

Renew CDDC certificate process

Introduction

tip

We strongly recommend switching to a Piano-managed TLS certificate at any time for a seamless, hassle-free solution that ensures optimal performance and simplified management.

The migration button is available in the custom domain side panel.

Regularly, it is necessary to renew the SSL certificate linked to the CDDC collection domain, which has an expiration date by nature. The renewal goes through several phases:

  1. Creation of a new CSR
  2. Import of the new certificate
  3. Verification of proper operation
  4. Deployment

We will describe here the different steps in order to proceed to the renewal of your CDDC certificate.

Creation of a new CSR

The creation of a new CSR is mandatory to renew your CDDC. This in order to renew also the private key (held by AT Internet) linked to your domain.

To create your new CSR, click on the renewal link:

Start renewing process

You will then be presented with a form inviting you to fill in the information related to your collection domain and the CSR. By default, the fields are pre-filled with the information filled in during the creation of the CDDC, so you can validate after proofreading:

CSR form

The CSR is then displayed:

CSR displayed

You can access it again later through the domain details panel.

Import of the new certificate

Once you have purchased the new certificate, you will be able to import it directly from the interface.

Two fields have to be filled in:

  • The certificate body
  • The certificate chain

Fill certificate fields

Once the certificates have been filled in and the form validated, a validation step is displayed, indicating potential errors:

Certificate validation

The information in the certificate does not have to match the information in the CSR. Only the CN (Common Name) must be identical.

If no errors are indicated, you will be able to finalize the import of the certificate.

Functional check

When renewing the certificate of your CDDC, we set up a test phase for the new certificate to ensure that it works properly.

Here are a few ideas for you to try out.

These are only examples of the possible tests. Other tests may be required by your technical teams.

Open staging test info

Retrieving the necessary information

In order to perform this test procedure, you need to know:

  • your CDDC address: my.domain.com
  • the IP of the temporary server

You can retrieve the IP address(es) from the renewal interface of your CDDC:

Staging test info

These IPs are subject to change, so make sure you update the list before testing:

Modification of the hosts file

Edit your hosts file to add one of the IP retrieved in the previous step:

34.x.y.z    my.domain.com

Certificate Validation

Go to the URL of your CDDC, and check:

  • that the padlock on your browser confirms that the connection is secure
  • that the message "OK" is displayed on the loaded page.

Once these checks have been made, you can assume that the new certificate is attached and is working properly.

Deployment

You can then proceed with the deployment of this new certificate on your collection domain, by confirming the renewal.