If your attempts to renew a certificate return errors, it is likely that the certificate has either been revoked or it has expired. In either case, the certificate can no longer be used, and it will not be possible to renew the certificate ('Renew After Expiry' coming soon, see our Feature Requests forum for more). 


You will have to generate a new certificate for the system using step ca certificate ... to replace the invalid certificate.


Check if the the certificate is revoked

If you try to renew the certificate and see the following error, that means that someone has revoked this certificate.

step ca renew myservice.crt myservice.key 

error renewing certificate: The request lacked necessary authorization to be completed. Please see the certificate authority logs for more info.

You will also see the record for the certificate in the Certificate Manager dashboard has recorded the time that the certificate was revoked:


Check if the certificate has expired

If you try to renew the certificate and see the following error, the certificate has expired and cannot be renewed.

step ca renew myservice.crt myservice.key 
                
cannot renew an expired certificate


You will also see that the record for the certificate in the Certificate Manager dashboard says that the certificate has expired:


Still not sure?

Please contact Smallstep support for further assistance.