Create san.conf 1[ req ] 2default_bits = 4096 3prompt = no 4encrypt_key = no 5default_md = sha256 6distinguished_name = dn 7req_extensions = req_ext 89[ dn ] 10CN = example.org 11emailAddress = webmaster@example.org 12O = Example Memorial Hospital 13OU = Example Memorial Hospital 14L = Chicago 15ST = Illinois 16C = US …

1www.example.org.crt COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt >> www.example.org-bundle.crt See details in https://helpdesk.ssls.com/hc/en-us/articles/203427642-How-to-install-a-SSL-certificate-on-a-NGINX-server

1openssl x509 -noout -modulus -in certificate.crt | openssl md5 2openssl rsa -noout -modulus -in privateKey.key | openssl md5 3openssl req -noout -modulus -in CSR.csr | openssl md5

It's quite expected that certificate won't renew as the automation has been broken. What you can do is install the apache version of certbot 1yum install python-certbot-apache and re-issue the certificate 1sudo certbot --apache -d www.example.org

1openssl x509 -x509toreq -in certificate.crt -out CSR.csr -signkey privateKey.key

1openssl req -out CSR.csr -key privateKey.key -new

1openssl req -out CSR.csr -key privateKey.key -new

1openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout privateKey.key -out certificate.crt

Get it via chat to Comodo, one would pop-up from https://support.comodo.com/index.php?/Knowledgebase/Article/View/1145/1/how-do-i-make-my-own-bundle-file-from-crt-files. Make sure you edit your profile where they could send the information.

Apache 1SSLCipherSuite …