Question
How to rekey a GoDaddy SSL certificate with Apache on Ubuntu
- Posted on December 1, 2013
Asked by lance210756
Hi everyone,
I’m trying to move an existing SSL certificate to my new digitalocaen droplet and am following the tutorial here: https://www.digitalocean.com/community/articles/how-to-create-a-ssl-certificate-on-apache-for-ubuntu-12-04
GoDaddy shows the following for my certificate: Common Name:www.repfineart.com Organization:www.repfineart.com Organization Unit:Domain Control Validated Serial Number:22121223482928715 (4E:97:22:B3:B2:6E:4B) Certificate Details Type:Standard SSL Private Key Length:2048 bits Signature Algorithm:SHA-1 Issuing Organization:Go Daddy Valid From:3/27/12 1:22:41 PM GMT Valid To:9/7/16 7:13:06 PM GMT Status:Current
Here I am generating the CSR: root@web:/etc/apache2/ssl# openssl req -x509 -nodes -days 1012 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.crt Generating a 2048 bit RSA private key …+++ …+++ writing new private key to ‘/etc/apache2/ssl/apache.key’
You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter ‘.’, the field will be left blank.
Country Name (2 letter code) [AU]:US State or Province Name (full name) [Some-State]:Arkansas Locality Name (eg, city) []:Little Rock Organization Name (eg, company) [Internet Widgits Pty Ltd]:www.repfineart.com Organizational Unit Name (eg, section) []: Common Name (e.g. server FQDN or YOUR name) []:www.repfineart.com Email Address []:lance@repfineart.com
root@web:/etc/apache2/ssl# more apache.crt -----BEGIN CERTIFICATE----- MIID/zCCAuegAwIBAgIJAKqnrQwK2+FfMA0GCSqGSIb3DQEBBQUAMIGVMQswCQYD VQQGEwJVUzERMA8GA1UECAwIQXJrYW5zYXMxFDASBgNVBAcMC0xpdHRsZSBSb2Nr MRswGQYDVQQKDBJ3d3cucmVwZmluZWFydC5jb20xGzAZBgNVBAMMEnd3dy5yZXBm aW5lYXJ0LmNvbTEjMCEGCSqGSIb3DQEJARYUbGFuY2VAcmVwZmluZWFydC5jb20w HhcNMTMxMjAxMTcyNjUwWhcNMTYwOTA4MTcyNjUwWjCBlTELMAkGA1UEBhMCVVMx ETAPBgNVBAgMCEFya2Fuc2FzMRQwEgYDVQQHDAtMaXR0bGUgUm9jazEbMBkGA1UE CgwSd3d3LnJlcGZpbmVhcnQuY29tMRswGQYDVQQDDBJ3d3cucmVwZmluZWFydC5j b20xIzAhBgkqhkiG9w0BCQEWFGxhbmNlQHJlcGZpbmVhcnQuY29tMIIBIjANBgkq hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArlSkwmIZQJwegs1txIJWpv7nCqnTJZFl d1A9i1P2PHynjXVWqCO29KxqfHRl62TuWZ4qKIH05yVaFJm5wxWmDUu7BjWV3Iuq SVBdfergEjHhkRtC8IjxV5BVCU/eu40ErxvqQp7qYQq7IfmQfa/rpNzsVHq3aOS8 wUZ7iXot0RhIcwL5u0SbV1Ln/svV+S2HWA1edrjsB/W1lSvR6s+4WtJDHscoWbbV UsE33tcx0HkcutTQMhLCHOT1l1Ao3k5m+zRjmfZoTnpMBtGiebOye+/xm2qBb2rH EAVtAqxVv36gvqYHT1FVtT5KlG1onPTQxZgk+trJ69b7z83R6AIdJwIDAQABo1Aw TjAdBgNVHQ4EFgQUJ2/dAn8Kcv2GqbUbQ2fktvVpQA4wHwYDVR0jBBgwFoAUJ2/d An8Kcv2GqbUbQ2fktvVpQA4wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOC AQEARKsDGp9lv9bBYhJsQIB/33fQsK88KMvQ5W73+bn1NXXoleOtcccMcOUFxNF6 euWNaQ3L1lW0EBtjzzyRapQaRiOurLEr+Ok8TWBds8zRO9CW+mER9qQXisy43miA hrNbdLTYKX5xgvNh0OwGkhJ9qLB9ktwYrJ2FZkfbca1t5E0hHvXyGOJDNK9DEsy8 Il9fl9s5VF69MHKCQ9vjGVDpnGLNharCjHP3c90WT5qTsRxktuZx1kZPEW0/IMFj GINBfTt285Okz4W9IdQUQmPcBK2aK2/XnsOhjYsi6Dj/VVBoGrgpO2UEa1RD925m F000yoeMKB/wMN/vXFGDKJHCyw== -----END CERTIFICATE-----
I then take the apache.crt contents from above and paste into the CSR field at GoDaddy. I select rekey this certificate and it returns an “Invalid CSR” error. I have tried pasting with and without the —CERTIFICATE— lines.
I’m really stuck here and could use a nudge in the right direction. Thank you!
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
Want to learn more? Join the DigitalOcean Community!
Join our DigitalOcean community of over a million developers for free! Get help and share knowledge in Q&A, subscribe to topics of interest, and get courses and tools that will help you grow as a developer and scale your project or business.
The issue was this command: <br>openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.crt <br> <br>Using this command worked: <br>openssl req -new -newkey rsa:2048 -nodes -keyout yourdomain.key -out yourdomain.csr