How Nexcess clients on physical (non-cloud) servers can re-create SSL keys by either using SiteWorx or the command line interface (CLI).
You must have a Nexcess account on a physical (non-cloud) server. If you are a Cloud client, see instead How to add SSH keys to your Nexcess Cloud account.
Attention: This method will create some site disruptions in service, until the new SSL certificate is generated and installed.
Step 1: Save your SSL records
- Log in to your SiteWorx account.
- If you do not know your password, click Forgot Your Password? on the login page.
- If you do not know the web address for your SiteWorx login page, either refer to your Welcome Email or contact our 24-hour Support Team for assistance.
- From the main menu, select Hosting Features > Domains > SSL.
- Copy all three documents, Private Key, CSR Chain, and SSL separately, and paste them into a document for use later.
- Delete the Private Key, then the CSR and SSL Certificate will be removed.
Step 2: Regenerate your SSL credentials
ATTENTION: Only 2048-bit is accepted for key length.
- Click Setup Private Key.
- Click Generate, and a Private Key will be created for you.
Step 3: Generate a CSR
- In the Manage CSR dialog box, type your company name and location, which should match the information from your previous certificate.
ATTENTION: Use caution when specifying a name in the Common Name field. Be aware that www.example.com does not equal example.com. The SSL will display as invalid if the common name does not exactly match your real URL. For assistance, contact our support team.
- Click Generate.
- If you purchased your certificate through Nexcess, send these two files to firstname.lastname@example.org so we can assist. If you purchased your SSL certificate through a third-party provider, send these two files to the certificate provider instead.
Step 4: Install the old SSL certificate
- In order to keep your site secure while the SSL Certificate is regenerating, install the old SSL Certificate so your site will function properly.
- Copy the contents of your previously generated private key, chain and CSR, and keep for later use.
- Delete the existing contents and replace them with the previously installed Private Key, CSR, and SSL certificate.
ATTENTION: All certificates must have at least a 2048-bit key size.
- Log in to your server instance using the SSH credentials provided to you in the Nexcess Welcome Email.
openssl req -nodes -newkey rsa:2048 -keyout <newkeyfile.priv.key> -out <newcsrfile.csr>
- This command will generate a 2048 bit RSA private key titled newkeyfile.priv.key and a CSR titled newcsrfile.csr.
- The following fields must be populated before the certificates are ready, and the private key is regenerated.
ATTENTION: When prompted for a pass phrase: Do not enter a passphrase for your SSL. We do not require it on our servers.
- Country Name: Use the two-letter code without punctuation for country, for example: US or CA.
- State or Province: Spell out the state completely; do not abbreviate the state or province name, for example: Michigan.
- Locality or City: The Locality field is the city or town name, for example: Berkley. Do not abbreviate. For example: Saint Louis, not St. Louis.
- Company: If the company or department has an &, @, or any other symbol using the shift key in its name, the symbol must be spelled out or omitted, in order to enroll. For example: XY & Z Corporation would be XYZ Corporation or XY and Z Corporation.
- Organizational Unit: This field is optional; but can be used to help identify certificates registered to an organization. The Organizational Unit (OU) field is the name of the department or organization unit making the request. To skip the OU field, click Enter on the keyboard.
- Common Name: The Common Name is the Host Domain Name. For example, company.com.
- A new private key and CSR have been created. Copy and paste the contents of these two documents, newkeyfile.priv.key and newcsrfile.csr into Notepad or a similar text editor.
ATTENTION: Microsoft Word or Apple Pages may insert extra characters, which can alter the contents of the private key and CSR.
- If you purchased your certificate through Nexcess, send these two files to email@example.com, and the support team will assist with rekeying your SSL. If you purchased your SSL certificate through a third party provider, send these two files to the certificate provider, and they will assist in having the SSL rekeyed.
For inquiries or assistance with SSL certificates, contact our sales team between 9 a.m. and 5 p.m. eastern time (ET), Monday through Friday.