Applying a generated certificate on web server
Configuring Certificate for Renewal
Login to nagios.apoyar
Copy b2b.bleckmann.com.key file to nagios from phobos.apoyar
• scp neal@phobos:/home/neal/b2b.bleckmann.com.key ./
Note:- If getting error while copying, need to change permission of that file on phobos.apoyar
• chmod 444 b2b.bleckmann.com.key
then copy same key file to returns server (bleckmann live)
• scp b2b.bleckmann.com.key returns@10.208.192.174:/home/returns/
After this move crt file from returns server to nagios and then to phobos using below commands
• scp returns@10.208.192.174:/home/returns/b2b.bleckmann.com.crt ./
• scp b2b.bleckmann.com.crt neal@phobos:/home/neal/
Login to phobos.apoyar
Now, we have crt, csr and key at /home/neal/certs/ on phobos.apoyar
Now go to
• cd /home/neal/certs/generated/bleckmann
move all three files here
• mv /home/neal/certs/b2b.blecmann.com* ./
and then remove key file from nagios
Now, login to returns server
Compare crt and key file with below command
• openssl x509 -noout -modulus -in b2b.bleckmann.com.crt | openssl md5 && openssl rsa -noout -modulus -in b2b.bleckmann.com.key | openssl md5
Now, move crt & key to below path
• mv b2b.blecmann.com.crt /etc/ssl/certs/
• mv b2b.blecmann.com.key /etc/ssl/private/
Note:- If getting error while moving either crt or key, check for owner and permission and change if needed with below commands
• chown root:root filename
• chmod 400 filename
Then go to
• Cd /etc/nginx/sites-available
Here, search for website configuration file with below command
• grep –rmv ‘/etc/nginx/sites-available/’ –e ‘b2b.bleckmann.com’
then edit that conf file
• vi b2b.conf
change crt and key file path in conf file
save and exit file
• :wq!
Note:- Repeat above steps of editing .conf file, if we have multiple domains
Then check for any errors with below command
• nginx –t
and then reload nginx (DON’T RESTART)
• systemctl reload nginx
At last, browse websites and verify those padlocks and certificate information