Differences

This shows you the differences between two versions of the page.

--- renewing_a_comodo_ssl_certificate_in_ubuntu_and_apache2 [2018/05/02 20:30] – wikiadmin
+++ renewing_a_comodo_ssl_certificate_in_ubuntu_and_apache2 [2020/04/11 15:29] – wikiadmin
@@ Line 5: / Line 5: @@
 Use Putty to login remotely to your ubuntu web server using SSH. Login with your non-root username and corresponding password. Switch to the root user by again supplying the user password. Navigate away from your user directories and go to /etc/ssl by using the command cd /etc/ssl/.  Use the "ls" command to list the contents of the /etc/ssl directory.  Notice that you are within the same directory that has the expiring certificate file "<your_domain>.crt" and the private key "<server>.key."
-You may use OpenSSL to generate a new CSR (code signing request or certificate signing request) based upon the old certificate and the existing private key.  Many instructions will suggest that you generate a new private key and a new CSR from that new key.  It seems so unnecessary.  In fact, within the /etc/ssl directory, you may find the original or previous CSR file that was used to generate the original SSL certificate.  The file name might be "<yourDomain_com>.csr."  Use FTP to download a copy of the CSR file to your windows based PC.  Using Notepad++ editor (recommended), you can Open that previously generated CSR file, copy its entire contents to your windows clipboard (including the "Beginning" and "Ending" lines at the top and bottom of the file contents), and paste the clipboard contents (as text) into the CSR Activation screen at your Domain Registrar. Submit the CSR.  Choose your validation method (email, web, Dns, whatever).  I use email for validation of my authority to control the domain - just setup an email account for admin@yourdomain.com.  "Admin" is usually one of the choices of email account names for email validation.
+You may use OpenSSL to generate a new CSR (code signing request or certificate signing request) based upon the old certificate and the existing private key.  Many instructions will suggest that you generate a new private key and a new CSR from that new key.  It seems so unnecessary.  In fact, within the /etc/ssl directory, you may find the original or previous CSR file that was used to generate the original SSL certificate.  The file name might be "<yourDomain_com>.csr."  Use FTP to download a copy of the CSR file to your windows based PC.  Using Notepad++ editor (recommended), you can Open that previously generated CSR file, copy its entire contents to your windows clipboard (including the "Beginning" and "Ending" lines at the top and bottom of the file contents), and paste the clipboard contents (as text) into the CSR Activation screen at your Domain Registrar. In other words, after you have purchased the 2 year renewal of the SSL certificate, you can go back to your domains page and click "Activate" on the action dropdown box next to the renewed SSL certificate product that is associated with your particular domain, and you will be asked to paste the CSR the entire text "CODE" into the Text Box. Paste the code from ** = = = Beginning = = = through = = = End = = = **, and then click the button to submit the CSR (request).  Choose your validation method (email, web, Dns, whatever).  I use email for validation of my authority to control the domain - just setup an email account for admin@yourdomain.com.  "Admin" is usually one of the choices of email account names for email validation.
 After you validate your authority, then your domain registrar or certificate authority (CA) will send you a new CRT file (such as -- YourDomain_com.crt) and a new CA chain or bundle file (such as -- YourDomain_com.ca-bundle).
@@ Line 11: / Line 11: @@
 Using Filezilla FTP - Site Manager - SSH login with your standard username and password, just upload the new domain.csr and domain.ca-bundle file.  Sometimes the ca-bundle file has not changed.
-FTP upload those 2 files to the sub-folder in this path: /home/yourusername/Downloads/newcsr/
+FTP upload those 2 files to the sub-folder in this path: /home/yourusername/Downloads/newcrt/
-Login again as the standard user, using Putty SSH, and switch to root user in the terminal window.  Switch to /etc/ssl/ directory and rename the old csr and ca-bundle files.  Use the Move command to rename files, such as
+Login again as the standard user, using Putty SSH, and switch to root user in the terminal window.  Switch to /etc/ssl/ directory and rename the old crt and ca-bundle files.  Use the Move command to rename files, such as
 <code java>
-mv yourdomain_com.csr yourdomain_com.csr-expired
+mv yourdomain_com.crt yourdomain_com.crt-expired
 mv yourdomain_com.ca-bundle yourdomain_com.ca-bundle-expired
 </code>
-Copy the two newly generated SSL files from your /home/yourusername/Downloads/newcsr/ directory to the /etc/ssl/ directory.  Make sure you use a capital "D" in Downloads.
+Copy the two newly generated SSL files from your /home/yourusername/Downloads/newcrt/ directory to the /etc/ssl/ directory.  Make sure you use a capital "D" in Downloads.
 Example:
 <code java>
-cp /home/yourusername/Downloads/newcsr/yourdomain_com.csr /etc/ssl/
+cp /home/yourusername/Downloads/newcrt/yourdomain_com.crt /etc/ssl/
-cp /home/yourusername/Downloads/newcsr/yourdomain_com.ca-bundle /etc/ssl/
+cp /home/yourusername/Downloads/newcrt/yourdomain_com.ca-bundle /etc/ssl/
 </code>