I could not find any information for my scenario to renew the ssl certificate so I thought I would post this in case it helps anyone else. If anyone knows of an easier way to do this let me know. We use a multi-domain ssl certificate that is generated from our main web server that we export to each server. On version 14 we were using IIS so it was easy to install the new certificate. When we upgraded to v15 we now had to use the nginx webserver that came with 3cx. The upgrade process took the certificate from IIS and installed it for nginx to use. Our SSL certificate has now expired and we had to install the new certificate in nginx. In order to complete this process you will need the OpenSSL CSRGen download. https://downloads.3cx.com/downloads/misc/csrgen.zip Import the new certificate to IIS using the exported .pfx file Start the Microsoft Management Console > Run mmc.exe Click the 'Console' menu and then click 'Add/Remove Snap-in'. Select 'Certificates' and click 'Add'. Select 'Computer Account' then click 'Next'. Select 'Local Computer' and then click 'OK'. Click 'Close' and then click 'OK'. Expand the menu for 'Certificates' and click on the 'Personal' folder. Right click on the certificate that you want to export and select 'All tasks' > 'Export'. A wizard will appear. Make sure you check the box to include the private key and continue through with this wizard until you have a .PFX file. Save this file into the extracted CSR Generator folder Open an command prompt and change to the CSR Generator folder Export the private key by running the command openssl pkcs12 -in filename.pfx -nocerts -out key.pem Change filename.pfx to what you named the file in step 10. You will be asked to enter a password to secure this file, you will need it for step 14 Export the certificate file by running the command openssl pkcs12 -in filename.pfx -clcerts -nokeys -out phoneserver.domain.com-crt.pem Change filename.pfx to what you named the file in step 10. Change phoneserver.domain.com to what your hostname is for your SSL certificate. Remove the password from the private key you made instep 12 openssl rsa -in key.pem -out phoneserver.domain.com-key.pem Change phoneserver.domain.com to what your hostname is for your SSL certificate. Make a backup of the current keys in C:\Program Files\3CX Phone System\Bin\nginx\conf\instance1 and then Copy phoneserver.domain.com-crt.pem and phoneserver.domain.com-key.pem to C:\Program Files\3CX Phone System\Bin\nginx\conf\instance1 Restart "3cx PhoneSystem Ngnix Server" service Your new certificate will now work with the nginx webserver. If the service does not start back up, there is a problem with your keyfile or certificate file. Replace the original .pem files and start the service again and then repeat this process.