Question
My SSL certificate was revoked unexpectedly. Why did this happen?
Answer
The private key of an SSL certificate is highly sensitive data and must be securely stored by the customer. Any leak of the private key can lead to traffic decryption and compromise security. Comodo/Sectigo continuously monitors the security of key storage.
Certificate revocation acts as a safeguard in the event that an SSL/TLS certificate is compromised. When signs of trouble are detected, digital certificates should be revoked to prevent unauthorized users from impersonating entities or otherwise exploiting compromised certificates. If a leak is detected, the certificate will immediately appear in the 'Revoked' list for security reasons. Sectigo is required to revoke affected certificates within 24 hours of confirming such an incident.
A private key leak usually occurs when a customer's server is compromised or when the key is accidentally or intentionally published in a public source. Please note that if a private key is compromised, no notifications are sent to customers or resellers by the Certificate Authority.
On the host end, most browsers treat the certificate as revoked only a few days after the revocation. You can check whether your private key has been disclosed here by uploading the certificate (in "PEM" format) or the CSR (Certificate Signing Request). IMPORTANT: None of these tools require you to upload any private key material. If you do upload a private key, that key will be added to the Pwnedkeys dataset.
If such a situation occurs, please follow the recommendations below:
1. When a certificate is revoked, you can reissue the existing SSL certificate by generating a new CSR with a new private key; the replacement certificate is then issued under the same order.
2. If the reissue does not work, please contact us and explain the situation.
3. Depending on the specific case, Comodo/Sectigo may offer free replacement of the certificate.
4. Install the new certificate according to our guides.
Please remember that the safety of your website is also partially in your hands. Never share your private key with anyone and always store it in a secure location.