Certificates expire and we suggest utilizing short-lived certificates to take full advantage of this security benefit. However, certificates will need to be renewed before they expire in order to function properly.

Certificate Manager makes renewing a certificate ahead of its expiration easy. Renewals are authenticated using your existing certificate and produce an identical certificate with a new serial number and extended lifetime. The private key is unchanged.

In its most primitive form, renewal is a simple single-command operation:

step ca renew myservice.crt myservice.key

More than a dozen command-line flags make step ca renew  flexible and easy to integrate into almost any operational environment.

Inspect your certificate again. You will see it has an extended lifetime with the same validity time as the previous certificate.