After moving my site to SSL almost a year ago, it was time to renew my certificate. I didn't realize that "renewing" your certificate actually just involved purchasing an entirely new certificate (I naively thought it was like a domain name), which requires you to re-install it on your server. All of the guides I found explained how to install a brand new certificate from scratch, but none touched on how to overwrite an old certificate. I now realize how simple this is (and I'm sure some of you experts are LOL'ing at me right now), but I thought it might be useful to put together a quick guide to help anyone else who might be confused by this. This guide assumes you are using a paid SSL certificate and followed the official Centminmod Nginx SPDY SSL setup guide. I use a GeoTrust QuickSSL Premium certificate purchased from GoGetSSL. Step 1 After you follow the renewal process with your SSL provider and have your new certificate, download the new .crt file. With GoGetSSL, you do this via the "Download SSL" button on your Certificate Details page (make sure you are downloading the new certificate and not the old one by checking the expiration date). It will have a name similar to www_yourdomain_com.crt. Step 2 Go to your SSL certificate directory (if you followed the Centminmod SSL setup guide, it will be located in /usr/local/nginx/conf/ssl/yourdomain). I would recommend making a copy of your old .crt file, just in case, and give it a different name. Now upload your new .crt file to this directory and make sure it overwrites the old one. Step 3 Now we just need to get the new certificate into the ssl-unified.crt file. We can do this by simply concatenating the new certificate with the SSL provider's intermediate and root certificates. In my case, with GoGetSSL, they provide what is called a "ca-bundle" file that has all that stuff in it, so to create the new ssl-unified.crt file, just do the following: Code: $ cat www_domain_com.crt www_domain.com.ca-bundle > ssl-unified.crt Note that I did not have to download a new ca-bundle file, I just used the old one that I had left there when I first set up SSL on my server. Step 4 Restart nginx with service nginx restart and make sure your site is still working. You should check the certificate in your browser to make sure it has the new expiration date; you can also use this SSL installation checker from GoGetSSL or this one from GeoTrust (I actually like GeoTrust's better) to verify the new date is shown there as well. As you can see, it's really simple. Hope this helps someone.