JRehkemper.de

Renew SSL-Certificate with OpenSSL

If your Certificate is about to expire, you need to generate a new one.
The procedure is somewhat dependent on whether you are using a CA or not.

Regenerate SSL-Certificate with CA

Creating a CSR

In this case you need to generate a new CSR (Certificate Signing Request) for the CA to sign.
If you want to keep all your configurations the same, you can use the existing Certificate as configuration and reuse your private key.
If you want to change your configuration, you can either reuse your private key or generate a new one as well.

Reuse old Certificate

If you still have your old certificate and private key, you can use them to create a new CSR with identical configuration.

$ openssl x509 -in domain.crt -signkey domain.key -x509toreq -out domain.csr

This takes the configuration from your old certificate domain.crt, signs it with your old private key domain.key and outputs your new signing request domain.csr.

Reusing your Private Key with new Configuration

$ openssl req -key domain.key -new -out domain.csr

This will use your existing private key domain.key to output your CSR domain.csr.

Creating a new Private Key

$ openssl req -newkey rsa:2048 -keyout domain.key -out domain.csr

This will output your new private key domain.key and your CSR domain.csr.

Signing the CSR

This can only be done if you have full control over your CA. Otherwise, you will have to send the CSR to an administrator of the CA.

$ openssl x509 -req -CA rootCA.crt -CAkey rootCA.key -in domain.csr -out domain.crt -days 365 -CAcreateserial -extfile domain.ext
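The CA-signed renewal above, run end to end against a throwaway CA and then checked, as an added example that is not part of the original article. The CA, the subject, old.crt and the contents of domain.ext (a single subjectAltName line) are constructed for the demo, since the article does not show its domain.ext.

```sh
#!/bin/sh
# Added example: every name, subject and SAN here is constructed for the demo.
# Runs in a temp directory, so it never touches real keys or certificates.

pubkey_hash() {   # hash of the public key in a cert ($1=x509) or key ($1=pkey)
    case $1 in
        x509) openssl x509 -in "$2" -noout -pubkey ;;
        pkey) openssl pkey -in "$2" -pubout ;;
    esac | openssl sha256
}

renew_and_verify() (
    dir=$(mktemp -d) || exit 1
    trap 'rm -rf "$dir"' EXIT
    cd "$dir" || exit 1

    # Constructed stand-ins for the CA and for the expiring certificate.
    openssl req -x509 -newkey rsa:2048 -nodes -keyout rootCA.key -out rootCA.crt \
        -days 30 -subj "/CN=Demo Root CA" 2>/dev/null || exit 1
    openssl req -x509 -newkey rsa:2048 -nodes -keyout domain.key -out old.crt \
        -days 1 -subj "/CN=www.example.test" 2>/dev/null || exit 1

    # The article's two steps: old certificate -> CSR -> signed by the CA.
    openssl x509 -in old.crt -signkey domain.key -x509toreq -out domain.csr \
        2>/dev/null || exit 1
    printf 'subjectAltName = DNS:www.example.test\n' > domain.ext
    openssl x509 -req -CA rootCA.crt -CAkey rootCA.key -in domain.csr \
        -out domain.crt -days 365 -CAcreateserial -extfile domain.ext \
        2>/dev/null || exit 1

    # 1. The CSR's self-signature is valid.
    openssl req -in domain.csr -noout -verify >/dev/null 2>&1 || exit 1
    # 2. The new certificate chains to the CA.
    openssl verify -CAfile rootCA.crt domain.crt >/dev/null 2>&1 || exit 1
    # 3. It carries the same public key as the reused private key.
    [ "$(pubkey_hash x509 domain.crt)" = "$(pubkey_hash pkey domain.key)" ] || exit 1
    # 4. The SAN from domain.ext made it into the certificate.
    openssl x509 -in domain.crt -noout -text | grep -q 'DNS:www.example.test' || exit 1
    # 5. The subject was carried over from the old certificate.
    openssl x509 -in domain.crt -noout -subject | grep -q 'www.example.test'
)
```

Checks 2 to 4 are worth running against any renewed certificate before deploying it: a certificate whose public key does not match the installed private key, or that lacks the expected SAN, will be rejected by clients even though signing succeeded.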

Generate new SSL-Certificate without a CA

If you don’t have a CA and just want to self-sign your certificate, do it like this.

$ openssl req -newkey rsa:2048 -nodes -keyout domain.key -x509 -days 365 -out domain.crt

This will create a new private key domain.key and a self-signed certificate domain.crt.

Jannik Rehkemper

I'm a professional Linux Administrator and Hobby Programmer. My training as an IT-Professional started in 2019 and ended in 2022. Since 2023 I'm working as a Linux Administrator.