Steps to renew your Comodo SSL Certificate on AWS

We had deployed a Laravel application on AWS about a year back. We had used Comodo’s SSL for this web application. As the SSL expired, we had to go through the renewal process to make sure that the website does not have the Privacy Error message /  ‘Not Secure’ warning.

We followed the following steps.

  1. Upload a new CSR. We used openssl command
    openssl req -nodes -newkey rsa:2048 -keyout myserver.key -out server.csr
  2. Once the CSR is generated, login to the Comodo account and upload the CSR (copy paste works)
  3. This will trigger a mail from Comodo for validation purposes. Note that the email is sent to the email id of the domain registrant in the whois record (and not the email id registered with Comodo).
  4. Open the email from the step 3 and follow the steps mentioned in the email.
  5. If everything is ok in step 4, Comodo will issue a new certificate. This certificate will be emailed to the email id registered in Comodo. Alternatively, the .zip file can also be downloaded from Comodo account.
  6. The zip file consists of 2 files.
    1. Extract all of the contents of the ZIP file that was sent to you and copy/move them to your server. The extracted contents will typically be named: yourDomainName.crt and yourDomainName.ca-bundle
    2. Move all of the certificate related files to their appropriate directories. Before moving, I strongly recommend that you take a backup of the existing folders / files. You may need to sudo.
      1. Move the Private Key that was generated earlier to the ssl.key directory, which is typically found in /etc/ssl/private. This must be a directory which only Apache can access.
      2. Move the yourDomainName.crt and yourDomainName.ca-bundle to the ssl.crt directory, which is typically found in the /etc/ssl/certs directory.
  7. Assuming that you are renewing the SSL Certificate and all other settings are done before, you are all set. Just restart apache server and you should see that the new SSL certificate is now enabled. The Not Secure warning should have gone.

Useful links:

https://support.comodo.com/index.php?/Knowledgebase/Article/View/1/19/csr-generation-using-openssl-apache-wmod_ssl-nginx-os-x

https://support.comodo.com/index.php?/Knowledgebase/Article/View/637/0/certificate-installation-apache–mod_ssl

https://ssl.comodo.com/support/ssl-certificate-installation-in-apache.php

Leave a Reply

Your email address will not be published. Required fields are marked *