When your website undergoes a domain change, your SSL certificate needs to keep up. The common name on an SSL certificate refers to the primary domain it’s issued for—the one it secures and encrypts. Whether you’ve rebranded, launched a new domain, or migrated to a different hosting environment, updating the certificate to reflect the new domain is essential for maintaining trust and browser security.

The process for changing your SSL’s common name depends on where your certificate is hosted. For example, if you’re using Particle Scrolls hosting, you’ll need to uninstall the existing certificate, update your domain configuration, and then reissue the certificate with the new details. If your site is built on Websites + Marketing, the domain change is handled slightly differently by connecting to the new domain through platform settings.

For all other hosting scenarios, the certificate can be reassigned by accessing your SSL dashboard, selecting the certificate you want to update, and specifying the new domain it should protect. Depending on your hosting setup, you might be prompted to either reassign the certificate to one of your hosted domains or enter a completely new domain name manually.

⚠️ Note: For Deluxe and Extended Validation (EV) SSLs, you can only change the domain—not the organization information—due to the strict validation requirements of these certificate types.

Re-keying the Certificate

In some cases, especially when moving your site to a new server, a new Certificate Signing Request (CSR) may be required. This is known as re-keying the certificate. It’s a straightforward process: paste in the new CSR and submit the change. This ensures that the certificate pairs correctly with your updated hosting environment.

Verifying Domain Ownership

When you update your SSL certificate to reflect a new domain, verification is required to confirm that you actually control that domain. This is a standard security measure and must be completed before the certificate is issued or reissued.

There are two common methods of verification:

1. DNS Record (Recommended)

This method involves creating a TXT record in the DNS zone file of your domain. It’s invisible to the public and doesn’t affect your website’s functionality. You’ll receive a unique TXT value to enter, which is then checked during validation.

  • DNS verification is the preferred method because it supports multiple subdomains (like www. and blog.) and works for Wildcard certificates.
  • The TXT record must be created at the root level and through the domain’s current nameserver provider.

2. HTML Page

The HTML method requires you to upload a uniquely generated file to a specific directory within your website’s root folder. This file contains a validation code that is checked through a browser-accessible URL.

  • The validation file must be accessible exactly at http://yourdomain.com/.well-known/pki-validation/filename.html.
  • This method only works for the root domain and cannot be used for Wildcard SSLs.
  • It’s best suited for environments where DNS edits are not possible or where you want to avoid issuing certificates with the www. prefix.

Note: If your system explicitly restricts www. domains from appearing on SSL certificates, the HTML method may be the preferred choice.

Finalizing the Change

Once your domain is verified—whether through DNS or HTML—the final step is to notify the system that you’re ready for validation. This triggers the verification process, which typically completes within 5–10 minutes.

Changing the common name on your SSL certificate isn’t just about staying current—it’s about maintaining the security and credibility of your digital presence. If you’re unsure or prefer assistance, the SSL management team at Particle Scrolls can walk you through the process or handle it on your behalf.