WebFaction
Community site: login faq

It's time to renew my GoDaddy-generated SSL certificate and I'm having a little trouble with the official instructions (here: https://docs.webfaction.com/user-guide/websites.html#renew-a-certificate).

I am trying to use an automatically-renewed SSL cert generated by GoDaddy.

I can very easily go to my site's "Edit Certificate" page but the fields that are there and the fields in GoDaddy's certificate don't really match. The WebFaction dashboard is asking for at least a certificate and a public key but the certificate .zip file GoDaddy generated for me only contains -----BEGIN CERTIFICATE-----...-----END CERTIFICATE----- pairs (no -----BEGIN RSA PRIVATE KEY-----...-----END RSA PRIVATE KEY----- pair) and when I use the cert from GoDaddy in the WebFaction dashboard it says the cert doesn't match the private key.

GoDaddy provided me with two files in that .zip: a hexadecimal .crt file and a gd_bundle-g2-g1.crt file. The former contains only one cert and the latter contains three certs.

How do I continue here? Do I need to generate a new CSR and give it to GoDaddy? Is their automatically-renewed cert useless for WebFaction?

asked 30 Oct '16, 20:45

Warlax
1112
accept rate: 0%


The certificate should work, but the key and certificate must match. The private key is not provided by GoDaddy - it is created when you generate the CSR used to obtain the certificate. If the new certificate doesn't match the existing private key for the site, that means a different CSR was used to obtain the certificate and thus there is a different private key. If you can't locate this file, you'll have to generate a new CSR and key, and then have GoDaddy re-issue your certificate.

If you'd like for us to try the installation for you, please open a support ticket.

permanent link

answered 30 Oct '16, 21:05

maryh ♦♦
1.3k7
accept rate: 35%

Ah, I see. So, because they generated a new cert without knowing my private key (the key I had originally used to generate the CSR for the original cert they generated for me), there's no way this new cert would be useful for me on WebFaction?

(30 Oct '16, 21:37) Warlax

The certificate authority is not in possession of your private key, only the CSR. The key is created when the CSR is generated. If you don't have the key that matches the CSR they used, you won't be able to install that certificate. There is no way to make the certificate work without a matching private key. The solution is to generate a new CSR and key, and have the certificate re-issued using the new CSR.

(30 Oct '16, 21:45) maryh ♦♦
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×93
×27
×16

question asked: 30 Oct '16, 20:45

question was seen: 2,637 times

last updated: 30 Oct '16, 21:45

WEBFACTION
REACH US
SUPPORT
AFFILIATE PROGRAM
LEGAL
© COPYRIGHT 2003-2019 SWARMA LIMITED - WEBFACTION IS A SERVICE OF SWARMA LIMITED
REGISTERED IN ENGLAND AND WALES 5729350 - VAT REGISTRATION NUMBER 877397162
5TH FLOOR, THE OLD VINYL FACTORY, HAYES, UB3 1HA, UNITED KINGDOM