Ssl csr renew - update

Community Support
1

Hi there, I have a custom SSL that i bought over a year ago and i implemented it on the mail section. ( I do not use hestia for the website )
Now i do not have the CSR file and I need it in order to re issue a new one for the email domain. What do you guys suggests me I should do in order to get a CSR file, make the new SSL cert and make it work on the email? Thanks a lot in advance.
Big shoutout to Jaap

2

Hi @ddoscomin,

My recommendation is that you ask to your certificate provider to know what are the steps you should follow.

Anyways, if you are using openssl version 3 (openssl version to view the version installed) you can create the certificate from your existing certificate (if you want the new certificate to have the same data as the current one).

Let’s say that your domain is example.com and your hestia user is ddoscomin.

Create csr from your current cert and key.

openssl x509 -x509toreq -copy_extensions copyall -in /home/ddoscomin/conf/mail/example.com/ssl/example.com.crt -signkey /home/ddoscomin/conf/mail/example.com/ssl/example.com.key -out /tmp/example.com.csr

Now you could send /tmp/example.com.csr to your certificate provider so they can sign in and send back your certificate.

Note: you can view the csr with this command:

openssl req -in /tmp/example.com.csr -noout -text

Once you get your cert, just replace /home/ddoscomin/conf/mail/example.com/ssl/example.com.crt with the new cert and you should also recreate /home/ddoscomin/conf/mail/example.com/ssl/example.com.pem with your new cert and the intermediate(s) CA that your provider is using… if any.

Once done you should restart exim4 and dovecot.

Note: always keep a backup of your current cert and key… just in case.

You could also create a new csr from scratch and create also a new key if you don’t want to reuse the existing one but there are tons of sites that explain that over there.

3

Hi @sahsanu !
Thank you so much for your comprensive and detailed answer. It was exactely what i was looking for.
I am unfortunately having an issue with the command. I tried researching around before braking your balls but seems I can’t find something usefull.
Once i try to create the csr from the current i cert i get:

x509: Unrecognized flag copy_extensions
x509: Use -help for summary.

Thanks again bro.

4

As I said, your openssl version should be 3+

1 Like
5

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.