- A valid A record
- Valid Email address for Approval (within the domain is a requirement)
Generate the CSR:
openssl req -new -newkey rsa:2048 -nodes -keyout quantumhost.key -out quantumhost.csr
Common Name: The fully-qualified domain name, or URL, you're securing.
If you are requesting a Wildcard certificate, add an asterisk (*) to the left of the common name where you want the wildcard, for example, *.coolexample.com.
Organization: The legally-registered name for your business. If you are enrolling as an individual, enter the certificate requestor's name.
Organization Unit: If applicable, enter the DBA (doing business as) name.
City or Locality: Name of the city where your organization is registered/located. Do not abbreviate.
State or Province: Name of the state or province where your organization is located. Do not abbreviate.
Country: The two-letter International Organization for Standardization (ISO) format country code for where your organization is legally registered.
Copy all the content between BEGIN & END where "..." is the content.
-----BEGIN CERTIFICATE REQUEST-----
-----END CERTIFICATE REQUEST-----
Assuming you have ordered a DigiCert PremiumSSL Certificate on QuantumHost, log in to the client area.
Select Apache + ModSSL (in our case) or any other configuration that suits your setup.
Next window, select the approved email address, as this email address can only be below the owner of the domain itself; this is a Domain Validation (DV) certificate.
You will receive a Configuration Complete notification on the screen and also receive an email for approval.
Follow the "View the details and complete the request here (link is valid for 30 days)" and click the Approve button.
You can verify this on the Certificate's Product Details page.
At this point, you will receive an email from DigiCert with a .pem file attached to it.
Assuming you've uploaded the 2 .crt files from the .zip archive to the /etc/ssl/quantumhost.org/ directory on your Cloud server.
snap remove certbot
# m h dom mon dow command
#43 6 * * * certbot renew --post-hook "systemctl reload apache2"
Testing Your SSL/TLS Certificate Installation
For best results, make sure to close your web browser first and then re-launch it.
Be sure to test your site with more than just Internet Explorer. IE downloads missing intermediate certificates; whereas, other browsers give an error if all the certificate chain certificates aren't installed properly.