If I opt to have you request a new cert, how does that work?

Trusted Knight uses the Amazon CA, run by Amazon Web Services (AWS), to issue domain-validated SSL certificates.  Trusted Knight will request a new certificate through AWS, and AWS will send a verification email to the contacts listed in the WHOIS domain record for the website.  As long as your organization controls the domain, and is listed as the domain registrant, administrative contact, or technical contact (or forwarded by a domain proxy email address), you will be able to approve the new certificate request.