I have added an additional SAN (sub domain) to an existing GoDaddy UCC SSL. Added this to enable the Download Domain security feature in Exchange.
The certificate, without the new SAN, is already installed on an 2019 Exchange Server, everything works just fine.
My question is,
To install this updated certificate, do I need to generate a new REQ and basically re-key it? Exchange doesn't seem to allow the import of the updated key without first generating the REQ
You cannot upgrade a UCC to include more names. If you are using all of the slots available in your current UCC certificate, and you need to cover another domain, you'll need to purchase a new certificate to add another domain name.
That clears it up, I guess it's obvious if the details of the certificate have changed it needs a re-key.