This is a mental note really, since my certificates last two years and I’ve always forgotten what to do about it. Generate a new request:openssl req -new -key <keyfile> -out <csrfile>StartSSL throw away all properties of the request except the key, so any answers will do. Re-use the request you sent last time (thanks Noel)….