renewing_a_comodo_ssl_certificate_in_ubuntu_and_apache2
Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revision | |||
renewing_a_comodo_ssl_certificate_in_ubuntu_and_apache2 [2020/04/11 15:29] – wikiadmin | renewing_a_comodo_ssl_certificate_in_ubuntu_and_apache2 [Unknown date] (current) – removed - external edit (Unknown date) 127.0.0.1 | ||
---|---|---|---|
Line 1: | Line 1: | ||
- | ======Renewing a Comodo SSL Certificate in Ubuntu and Apache2====== | ||
- | Purchase the renewal of your existing SSL certificate with you domain registrar, such as namecheap. Make sure to renew for two years instead of only one year. It will save you time and effort in the future. | ||
- | |||
- | Use Putty to login remotely to your ubuntu web server using SSH. Login with your non-root username and corresponding password. Switch to the root user by again supplying the user password. Navigate away from your user directories and go to /etc/ssl by using the command cd / | ||
- | |||
- | You may use OpenSSL to generate a new CSR (code signing request or certificate signing request) based upon the old certificate and the existing private key. Many instructions will suggest that you generate a new private key and a new CSR from that new key. It seems so unnecessary. | ||
- | |||
- | After you validate your authority, then your domain registrar or certificate authority (CA) will send you a new CRT file (such as -- YourDomain_com.crt) and a new CA chain or bundle file (such as -- YourDomain_com.ca-bundle). | ||
- | |||
- | Using Filezilla FTP - Site Manager - SSH login with your standard username and password, just upload the new domain.csr and domain.ca-bundle file. Sometimes the ca-bundle file has not changed. | ||
- | |||
- | FTP upload those 2 files to the sub-folder in this path: / | ||
- | |||
- | Login again as the standard user, using Putty SSH, and switch to root user in the terminal window. | ||
- | <code java> | ||
- | mv yourdomain_com.crt yourdomain_com.crt-expired | ||
- | mv yourdomain_com.ca-bundle yourdomain_com.ca-bundle-expired | ||
- | </ | ||
- | |||
- | Copy the two newly generated SSL files from your / | ||
- | Example: | ||
- | <code java> | ||
- | cp / | ||
- | cp / | ||
- | </ | ||
- | |||
- | While switched to root user, the purpose for using root to copy these two files is (1) so that copying is permitted to a web/root user directory like /etc/ssl/, and, most importantly (2) that these files' Owner/Group access permissions are changed to root:root without the necessity of running chmod commands, and these root:root owner/group permissions are required for apache2 and/or the linux system to properly access these files. | ||
- | |||
- | A reminder here, that your yourdomain.conf and yourdomain-ssl.conf files should already have been configured the last time you setup SSL, and, unless you changed the filenames of the CSR and CA-Bundle, then your yourdomain-ssl.conf files for your website should already contain the paths and exact filenames to access these 2 file names (CSR and CA-bundle) as well as the path to the server.key (or private.key) file either located in the path /etc/ssl/ or the path / | ||
- | |||
- | All you need to do now from the Putty terminal prompt is restart the apache2 service. | ||
- | <code java> | ||
- | service apache2 restart | ||
- | </ | ||
- | If you are not switched to root user, then try this restart command. | ||
- | <code java> | ||
- | sudo service apache2 restart | ||
- | </ | ||
- | |||
- | |||
- | |
renewing_a_comodo_ssl_certificate_in_ubuntu_and_apache2.1586618957.txt.gz · Last modified: 2020/04/11 15:29 by wikiadmin