How to renew an electronic signature (ES)?

Imagine this situation: you need to urgently submit a report to the tax office or sign an important contract — and suddenly the system gives an error. The electronic signature is invalid. The ES has expired, and it is too late to renew it. How to renew the ES, where to get a new one, how long will it take?

To avoid such a situation, after registering your digital signature, it is important to monitor the validity period of your KEP and renew it in a timely manner.

In this article, we will tell you how to find out when your signature expires, what will happen if you miss the deadline, how to renew your KEP in advance, and what options are available for online key renewal.

What happens if you don’t renew your ES on time?

A qualified electronic signature (QES) has a limited validity period — usually one or two years. Therefore, the key must be renewed on time in order to continue using electronic services without interruption:

• For signing documents. If the QES has expired, it cannot be used to sign documents, send reports, or log into systems that require an electronic signature.
• For submitting reports to the tax office. With a valid QES and the Vchasno.Zvit service, entrepreneurs can conveniently and securely submit tax reports online.
• For uninterrupted work with government or business services. Most online platforms automatically verify the validity of the QES and do not accept documents with an expired signature.
• For data security. A valid QES guarantees that documents are not signed by an unauthorized person.

Tip. To avoid interruptions in business processes, we recommend checking the validity of your electronic signature every month and renewing it in advance — approximately 10–15 days before the expiration date.

How to check the validity period of an electronic signature?

You can check the validity period of an electronic signature in a few minutes and in several ways:

1. Through the official website of the Central Certification Authority (CCA). All you need to do is:
   1. Go to the website of the Central Certification Authority (CCA).
   2. ЗDownload the file with the electronic signature (usually has the extension .dat, .p7s, or .zs2).
   3. Drag it into the verification form on the website.
   4. After verification, the website will display: the signatory’s full name, the authority that issued the certificate, and the validity period of the electronic signature (start and end dates).

   

2. In the accounts of qualified electronic trust service providers (QETSP), for example, in the Vchasno.KEP service
   In the Vchasno.KEP user account, you can check the validity period of keys in the “All” or “Active” sections. The start and end dates of each key are displayed in the corresponding column opposite each key. In addition, the service will automatically remind you 60 days before the key expires.
3. Through the key certificate file on your computer.
   The certificate file (.cer) can be opened on your computer. Its properties will indicate the start and end dates of the certificate.

Conditions for renewing a CEP

A CEP can be renewed under the following conditions:

• if the certificate has not yet expired;
• there have been no changes in the registration data — neither in the full name, nor in the address, nor in the company details (name, EDRPOU code, etc.);
• you have access to the current secret key and remember the password for it, as it is impossible to recover the PIN code or password.

How to renew your electronic signature online

You need to renew your electronic key (KEP/UEP) with the same qualified electronic trust service provider (KNEDP) where you created it. This is because the data is already registered in the system of this QESPS, which greatly simplifies the procedure for identifying and generating a new key. Below are the most common ways to update:

📌 Method 1: Via the KNEDP DPS website

The qualified provider of electronic trust services of the State Tax Service of Ukraine (KNEDP DPS) offers a convenient option for extending the validity period of the key online.

The KNEDP DPS website has a service called “Reissuing certificates upon electronic request,” which allows users to generate new certificates themselves. This option is available 1-2 days before the expiration of the old certificates, provided that the registration data has not changed and you remember the password for the valid key.

📌 Method 2: Through online banking

Some banks, which are also qualified providers of electronic trust services, allow their customers to renew their electronic key directly through the online banking system.

This usually requires logging into your personal account in the online banking system, finding the section dedicated to electronic signatures or digital services, and selecting the “Renew key” or “Extend validity” option. The system will automatically generate a new key based on the available data.

📌 Method 3: Through the “Dія” app (cloud-based CEP/UEP signatures)

If you use a cloud-based CEP, such as “Dія.Підпис,” the update can be done automatically or with minimal effort through the app.

To update “Dія.Підпис,” simply go to the ‘Dія’ app, go to the “Dія.Підпис” menu, and if the validity period expires, the system will offer to reissue it after passing photo identification.

📌 Method 4: Through the service that issued the electronic signature

For example, it is easy to obtain or renew a CEP in the “Vchasno.CEP” account.

Tip: Remember or write down this PIN code, as it cannot be recovered or changed.

How to safely store your QES and protect access to it

Proper storage of a qualified electronic signature (QES) is the key to document security and stable business operations. If your QES is lost or damaged, it can lead to financial and legal risks. To avoid loss and misuse, follow a few simple rules:

Do not transfer your QES to third parties. A QES is equivalent to a personal signature. Transferring it to other people is a serious security breach. Losing control of the key can lead to documents being signed without your knowledge.

Do not write down your password in open or shared files. A password stored in unprotected notes on your computer or in your browser is a risk. Use password managers or physical media. A reliable and confidentially stored password is the first and most important barrier to protecting your electronic signature.

Choose cloud storage. It is convenient, secure, and reduces the risk of losing physical media (flash drives, tokens).

By following these simple rules, you reduce the risk of unauthorized access and ensure stable work with signatures every day.

Conclusion: update your QES in advance

A qualified electronic signature is the key to smooth work with documents, tax reporting, government and business services. If the signature has expired, you will not be able to use it when you need it most. Check your signature today and be sure that you can sign important documents on time.