Backup Files
Before attempting renew an SSL certificate, back up all your private and public keys to a secure folder.
Generate a New CSR
With Apache it is possible to renew the SSL Certificate with the original CSR, however, most sites recommend creating a new CSR.
The key piece of information is that creating a certificate with an identical DN, the new key will not invalidate the previous key. This allows
Condensed instructions are as follows:
Gather the following information from the existing certificate
Country Name (2 letter code) [AU]:CA
State or Province Name (full name) [Some-State]:Ontario
Locality Name (eg, city) []:Toronto
Organization Name (eg, company) [Internet Widgits Pty Ltd]:The Planet Earth Incorporated
Organizational Unit Name (eg, section) []:Earth Defence
Common Name (eg, YOUR name) []:www.earth.com
Email Address []:admin@earth.com- Run openssl to generate a new server private key
openssl genrsa -out www.example.com_server.key 2048
- Generate a CSR with the private key
openssl req -new -key www.example.com_server.key -out www.example.com_server.csr
- Submit the CSR to your root CA to be signed