Question
How to rekey a GoDaddy SSL certificate with Apache on Ubuntu
Hi everyone,
I'm trying to move an existing SSL certificate to my new digitalocaen droplet and am following the tutorial here:
https://www.digitalocean.com/community/articles/how-to-create-a-ssl-certificate-on-apache-for-ubuntu-12-04
GoDaddy shows the following for my certificate:
Common Name:www.repfineart.com
Organization:www.repfineart.com
Organization Unit:Domain Control Validated
Serial Number:22121223482928715 (4E:97:22:B3:B2:6E:4B)
Certificate Details
Type:Standard SSL
Private Key Length:2048 bits
Signature Algorithm:SHA-1
Issuing Organization:Go Daddy
Valid From:3/27/12 1:22:41 PM GMT
Valid To:9/7/16 7:13:06 PM GMT
Status:Current
Here I am generating the CSR:
root@web:/etc/apache2/ssl# openssl req -x509 -nodes -days 1012 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.crt
Generating a 2048 bit RSA private key
...............................................................................................+++
.................................................................+++
writing new private key to '/etc/apache2/ssl/apache.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:Arkansas
Locality Name (eg, city) []:Little Rock
Organization Name (eg, company) [Internet Widgits Pty Ltd]:www.repfineart.com
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:www.repfineart.com
Email Address []:lance@repfineart.com
root@web:/etc/apache2/ssl# more apache.crt
-----BEGIN CERTIFICATE-----
MIID/zCCAuegAwIBAgIJAKqnrQwK2+FfMA0GCSqGSIb3DQEBBQUAMIGVMQswCQYD
VQQGEwJVUzERMA8GA1UECAwIQXJrYW5zYXMxFDASBgNVBAcMC0xpdHRsZSBSb2Nr
MRswGQYDVQQKDBJ3d3cucmVwZmluZWFydC5jb20xGzAZBgNVBAMMEnd3dy5yZXBm
aW5lYXJ0LmNvbTEjMCEGCSqGSIb3DQEJARYUbGFuY2VAcmVwZmluZWFydC5jb20w
HhcNMTMxMjAxMTcyNjUwWhcNMTYwOTA4MTcyNjUwWjCBlTELMAkGA1UEBhMCVVMx
ETAPBgNVBAgMCEFya2Fuc2FzMRQwEgYDVQQHDAtMaXR0bGUgUm9jazEbMBkGA1UE
CgwSd3d3LnJlcGZpbmVhcnQuY29tMRswGQYDVQQDDBJ3d3cucmVwZmluZWFydC5j
b20xIzAhBgkqhkiG9w0BCQEWFGxhbmNlQHJlcGZpbmVhcnQuY29tMIIBIjANBgkq
hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArlSkwmIZQJwegs1txIJWpv7nCqnTJZFl
d1A9i1P2PHynjXVWqCO29KxqfHRl62TuWZ4qKIH05yVaFJm5wxWmDUu7BjWV3Iuq
SVBdfergEjHhkRtC8IjxV5BVCU/eu40ErxvqQp7qYQq7IfmQfa/rpNzsVHq3aOS8
wUZ7iXot0RhIcwL5u0SbV1Ln/svV+S2HWA1edrjsB/W1lSvR6s+4WtJDHscoWbbV
UsE33tcx0HkcutTQMhLCHOT1l1Ao3k5m+zRjmfZoTnpMBtGiebOye+/xm2qBb2rH
EAVtAqxVv36gvqYHT1FVtT5KlG1onPTQxZgk+trJ69b7z83R6AIdJwIDAQABo1Aw
TjAdBgNVHQ4EFgQUJ2/dAn8Kcv2GqbUbQ2fktvVpQA4wHwYDVR0jBBgwFoAUJ2/d
An8Kcv2GqbUbQ2fktvVpQA4wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOC
AQEARKsDGp9lv9bBYhJsQIB/33fQsK88KMvQ5W73+bn1NXXoleOtcccMcOUFxNF6
euWNaQ3L1lW0EBtjzzyRapQaRiOurLEr+Ok8TWBds8zRO9CW+mER9qQXisy43miA
hrNbdLTYKX5xgvNh0OwGkhJ9qLB9ktwYrJ2FZkfbca1t5E0hHvXyGOJDNK9DEsy8
Il9fl9s5VF69MHKCQ9vjGVDpnGLNharCjHP3c90WT5qTsRxktuZx1kZPEW0/IMFj
GINBfTt285Okz4W9IdQUQmPcBK2aK2/XnsOhjYsi6Dj/VVBoGrgpO2UEa1RD925m
F000yoeMKB/wMN/vXFGDKJHCyw==
-----END CERTIFICATE-----
I then take the apache.crt contents from above and paste into the CSR field at GoDaddy. I select rekey this certificate and it returns an "Invalid CSR" error. I have tried pasting with and without the ---CERTIFICATE--- lines.
I'm really stuck here and could use a nudge in the right direction. Thank you!
Add a comment
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.