So, its time for your SSL certificate renewal. You need to generate a new Certificate Signing Request (CSR) using OpenSSL w/ Apache + mod_ssl together with your Public Key and submit these to Sectigo or your favorite third party SSL vendor.
To generate your keys and certificate on your CentOS server using command line:
# openssl req -nodes -newkey rsa:2048 -keyout domain.key -out yourdomain.csr
These will generate two files: domain.key which is your private key and yourdomain.csr which is your CSR.
The extra attributes can be left blank particularly if this is a domain SSL certificate, else you need to supply the password every time you start Apache.
Submit and pay your renewal fees and wait for them to email your certificates.
You will be receiving these following certificates:
- Root CA Certificate – AddTrustExternalCARoot.crt
- Intermediate CA Certificate – USERTrustRSAAddTrustCA.crt
- Intermediate CA Certificate – SectigoRSAOrganizationValidationSecureServerCA.crt
- Your PremiumSSL Certificate – abc.com.ph.crt
Make a bundle file from all your CRT files:
# cat SectigoRSAOrganizationValidationSecureServerCA.crt USERTrustRSAAddTrustCA.crt AddTRustExternalCARoot.crt >> 2019_ssl_sectigo.crt
Update your apache.conf file under <VirtualHost> section with the new certificate files then restart your web server.