Step-1: openssl genrsa 4096 > account.key How to generate a new account keypair using openssl: Generate an account private key if you don't have one: (KEEP ACCOUNT.KEY SECRET!) openssl genrsa 4096 > account.key Print your public key: openssl rsa -in account.key -pubout Copy and paste the public key into the box below. Step 2: NOTE that for this step, if I paste the command provided below, then I will get an error about a "missing re-direct" The way around that is just to enter the command: openssl req -new -sha256 -key domain.key and then just answer the questions interactively instead of having them piped in form redirects. How to generate a new Certificate Signing Request (CSR): Generate a TLS private key if you don't have one: (KEEP DOMAIN.KEY SECRET!) openssl genrsa 4096 > domain.key Generate a CSR for your the domains you want certs for: (replace "foo.com" with your domain) Linux: #change "/etc/ssl/openssl.cnf" as needed: # Debian: /etc/ssl/openssl.cnf # RHEL and CentOS: /etc/pki/tls/openssl.cnf # Mac OSX: /System/Library/OpenSSL/openssl.cnf openssl req -new -sha256 -key domain.key -subj "/" \ -reqexts SAN -config <(cat /etc/ssl/openssl.cnf \ <(printf "\n[SAN]\nsubjectAltName=DNS:foo.com,DNS:www.foo.com")) Copy and paste the CSR into the box below. openssl req -new -sha256 -key domain.key -subj "/" \ -reqexts SAN -config <(cat /etc/ssl/openssl.cnf \ <(printf "\n[SAN]\nsubjectAltName=DNS:carolinacustom.com,DNS:www.carolinacustom.com")) Step 3: echo -n "eyJ1cmwiOiJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9uZXctYWNjdCIsImFsZyI6IlJTMjU2Iiwibm9uY2UiOiIxQUFEczd6VXNialhtYlBLaDJDWnlkbFA5SFlNOURtSzdRVHFCLWFycl9ZcTdpYyIsImp3ayI6eyJlIjoiQVFBQiIsImt0eSI6IlJTQSIsIm4iOiJ2RElhVWwwSmxwVGVRMk9TTkgzRlowZmcxUV95bWplZW5PMUh3bWZnY1NRQ2t3X3JWdHdhUEpQLXdSMkRkdlR0b2xsZnhlUEV3V0RZb1hOT2FYVFFnZUFVRENhamdENmhpM2dGV0d2UDFCOS16WG5OX3lsNXlFbnZMcTB4eG1Gc2sydGUtcC1DcG9PUFAyX2VMRjNTNUU5M0VReXN3eC1nNE9zdl9wWmZOd1dZSGNGQ3ZKWlFScVUtbnhNM1NOSlIwV1V6U2ppZzM2SGZXblZNZDI5cnZXcGc2QkhXSjA1VEROY292aWpPdEp5TFY3LTF5NG5VZjJoOUxVSFRmbWZKTTZJNEwtU1Y2WkxpaHNXNnhXb1JRVTYxM2ZVRjVZQlkwdlY1bVN1WlRka2tLR3NnYU9sTVpMU2Rpdk5zTUJ1dXJVUWFNcjZNdEJVV0Q1S3hPRGR5N0J4UTZzUmhLcDVUR09VWDYtR0xLcHlaQTc0T3RmUmJDYkdZc2NhU1RHQmhkRGdON2NXMXJJMWQtaVh6Z2RoSUVfRHVnaXZ3RUlPVTNaT1d4MGhFQ0NSbXpILWxLajU4SlpXeHUyN2dzRHZ6aVFlSXRjbXNaTzEzYUFsYVVfakgzemlwckdoZklwR3h5QTIyM2t6UW1sb29rX3dzYlRCdGZhd240dXM3RTU4YzVySExEVU8xRERGOHZ2N2stM1JqSHBoeHFVdThJU1RudkZSakRxeU1rc2F0N1dyTTlFekZWLXVGWTZIdGtmckdVRTZsNDNmWWVISEItcW54bnViZC1QZzBTLTlKWnpBUG41VG5MaEVyeVJ6V3JQSk1CMnlobzhHeFZxb2ZvSVQtQk9xNjdGbGJFMkczZnRubFppX0JWZk41anJBQjNzQUMtOGxwZksxN1paYyJ9fQ.eyJ0ZXJtc09mU2VydmljZUFncmVlZCI6dHJ1ZX0" | openssl dgst -sha256 -hex -sign $PRIV_KEY 6075d9fce93f77d8a442d9402d06cc34f3c2d0cc11973c741d374563b428e6847260f3a6d0f53e82df41fa05b33c701f9cdc25970b9823ae943ec7de9ff796bab4aca59e22a62bf6b3115d757d5608c84e08cc134016ec9925ffe28866fc34867a5767ecb1f01ebac70766bb6fcdaae7545d9a563341a71d16eb44ae790692acaee4a0c121b9458426a752c7bf4e0ee1f76d9695f5b6a33481873837de8e8471f7f2c49a8f8d0a66b4dd9b991e0be5d826dcf17b1f8341e2b7501dc658979b5f247b0a72c789e489a66367926a149e4dc9a3005df5a42882e0284d1bf880dfe0acb370a1911378902978e85bb0e047302ad644eb0ef586a4867c17e667843db1719c4e1fff5e8cca74fd93628dacbc64139cf417dcda98c250daa9a12c4f89fe3abb6c497e34ffb01070ed86b5e10047a079ba8700293d184e947e994c18b1bb0b6845e3a8310ffb9a649b07030e3edf6c42d9f201c2ed3071d5ee152d9bb954a7ef1f5c51abf86c5599b6276c703e8896e88dbae067c5a271e8fc52699ad4ecd1bed5137e3d0ed14a4b8263ded71b143f838bad39a14bfdf171eb03bf058ab246ad986c610454f0ed09030b1e0942c9429b1dbeb89a3b3305017ad81af5a8ce8b605dd785c26e780b335901f39f75a3073bbc3037a93d4b72c5fd33bd36da14397163b012102d4c860ebb700b49715c06c0af3ca00b62efb40b781b7203e338 echo -n "eyJ1cmwiOiJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hY2N0LzExNzAyNTMwODciLCJhbGciOiJSUzI1NiIsIm5vbmNlIjoiMUFBRG1XVS1jOTFDd2pVQV9fREQweE5taVZBUzVjY0Nua1ZQaFhzSl80VlRPMjQiLCJraWQiOiJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hY2N0LzExNzAyNTMwODcifQ.eyJjb250YWN0IjpbIm1haWx0bzpzY2RlbWFyY0B5YWhvby5jb20iXX0" | openssl dgst -sha256 -hex -sign $PRIV_KEY 088e721cc32b9b594989ae553129d501fcd84e9b336fa9feb0104ba8599e0c2e220145e132a519839094b662c58d918a9bec6d194271243d41d9a6239c5ac4974e430e40724fa1215341a52e7b0fc8c2aa95974df9be1d12d4badeafad215cf0d9319398fcccf317d90f0a119c724c30047b49bcb03b685d7c90b4991b83ff5dbee0efbcc8b4df9a9f19da1a38b2abf5de4f2c6525341376c2560c40432f081b1eb5b657c574ec45a0991430d064a248350faacb7776f13de51020d2f349e6e9ea674d91a98de5cf7edd5bde262a4c17f4fc7be4a2e034253059c735110703d30433b68316fbcb3448fc2ee3f226e14e72b3325f35de8debe4744af79feb673b649f342be2699c6e780737e5c8b18da89b81d3a8807e336841869d980170011859b5250b4b593fc174eea8b982b951469247e178d92effca0dd10080b23474b873597f8acc48d3bbd52056d892c4ea4fa5d7be9d25055751db542f1a32799808721ab348b22ff6de9dfae07ff4e16e7a87b2a224aeea07044c3954c3208265e835472c05e53b187591b76ad10d97e3af8c9acea709719a818451c323989f6b9abdb706000cef98ff64515ad6f04a3f1a134d9bcb30ca13d55325c17fe6deda8629f82c6b9652cf34a781e489b899999183d7941578044ca19edd8f9df880c1287146bcda3f0d444e19edecaa20a6d157f6be1b6204c9d2091766fd0714b893d0 echo -n "eyJ1cmwiOiJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9uZXctb3JkZXIiLCJhbGciOiJSUzI1NiIsIm5vbmNlIjoiMzcxQ2JPUGh4Rzh5RzNvUTl3M2ZheDdyS1kwRGxKQXF2YmxXSGZDcDQwemJMSzQiLCJraWQiOiJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hY2N0LzExNzAyNTMwODcifQ.eyJpZGVudGlmaWVycyI6W3sidHlwZSI6ImRucyIsInZhbHVlIjoid3d3LmNhcm9saW5hY3VzdG9tLmNvbSJ9XX0" | openssl dgst -sha256 -hex -sign $PRIV_KEY 159b1ab9aa30b482ab0565039e3eb0d8acd535945f2f92ea9f07c57973e69a082590e4efb5464c85bbc9974f8ec8f69130f9e20146b493037208bb8e446eb9c1bfd8b83cb5467d02dc52d1172dd7757014aab5279e1ed584619c7d173260476a895196ef245e857e4a50d01489765e27d1c9f0765230eb538eddfefcb3bba6c8bb29ac4115ef6079ca73f461f7aa3d05636c7ead801d1e3af7f976567fbbad222fb3d412ae04d6dbc41acd4f230e45b00475a0865528aa868a1e39d4725924ca5908ac7479679e97a122aab1e8ebb1917effd2fc5d89667c37758b0664b59237b0521565742a9107b8be0601dad500c376702912a4e71b0d6ddc1ac3c3e9bc996ec5320a830cb7228fa74d8b5fd623d16fbfe8560f6048cd5b4af504a1ec43b7d7e6828155dc973b0b3c5115081f431768efaf3b95a3559648167cd354534ff12b473120811ddb6cf844d048b01c6d684c7ca7ae4bef3f303a7c303c9098982d25b42b2ea2f96605f1a4908ccf55dff47f9436c2e020ac5f910a4ea705bf1bf015250dbb469093878c4b1a8c419686ed4a289909e839ff1d472e08c364e37c13df985fc4f07b49194d67a131340410d3b33fe3fa2baf8eb4657973937089bf1f48863ff73c448907ee6d23b4e8f66157a879a6167b8e90fb2d693638a87af25cde6bcaf91b78bd15ca7df7912ae81f634c3090f64b0d70c723a6e279e399fbcf Step 4: python2 -c "import BaseHTTPServer; h = BaseHTTPServer.BaseHTTPRequestHandler; h.do_GET = lambda r: r.send_response(200) or r.end_headers() or r.wfile.write('wjKH59OQSBltefq9SbIoXsPYm_tN4qdplbZV1y5xM0M.w5hxvSMxTjlkIPmfKBdwS-5y0Kc2WUvmSAxYpzPokAU'); s = BaseHTTPServer.HTTPServer(('0.0.0.0', 80), h); s.serve_forever()" PLEASE NOTE: to avoid getting this error: Traceback (most recent call last): File "", line 1, in ? File "/usr/lib/python2.4/SocketServer.py", line 330, in __init__ self.server_bind() File "/usr/lib/python2.4/BaseHTTPServer.py", line 101, in server_bind SocketServer.TCPServer.server_bind(self) File "/usr/lib/python2.4/SocketServer.py", line 341, in server_bind self.socket.bind(self.server_address) File "", line 1, in bind socket.error: (98, 'Address already in use') It is necessary to su to root and stop the apache webserver with "astop" echo -n "eyJ1cmwiOiJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9jaGFsbC12My8yMzkyMDM1NDcyOTcvdXlVYnZnIiwiYWxnIjoiUlMyNTYiLCJub25jZSI6Ijg1M0Y5TUVzMFMtWjVBQ1JNQlVnTjFHUFFLVnpSOWh6QTU2OWtuSWVVTlFpMXkwIiwia2lkIjoiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC8xMTcwMjUzMDg3In0.e30" | openssl dgst -sha256 -hex -sign $PRIV_KEY 8fc92da6093f82355e3fb57ec68c682a6a70c1b41b8c94a5bdd791f05f930459ac1a633ea1b9a1e9fce2552218a5c03363ec09eb49a3a8509519b7cd93c207ee5be0b02ac980f1bbb0de960f2f832aac2a759ac9261e42feae9c3c235232d728a31ef4c3f5aec1f0b54ad402b5a17e4a211e54bf127421e6a121bbb525bd10640f56d0a015a67869db7ff67ed99da996071684cc14acc801261b34c1c8f88f405a7d75b443ccc1b6548cd76cddd83807ac86df166024e66be46f4c27fe329de821541d09a1fffd12554897da01d4f66af9f5e3e076a64ff8e958c9cf046497fe12c796ddfe570d46a32d790ee38e6c242d53fa185713c33ba702def14b601c14701bea39d987b055a469ca9d15fbd7480f6f3e24f9aec3744b028b9743ec921f5bbe04f0da58a09863cdce4b3467f14ec0f6ffec3c52c5a5fac29d5c3d17a5d3d1bc8d93694e68dedb2963b332bc52d8848464d9122d95050f18e337fe3d9210b58ca72bc4cff7bd594193aa3013618f78ae8f1a2515816696191302ac6156265e1bfc8e369320810771f6c16c09c7bc5c51cc6f59a8f8aad47b34fc307c0673639c0859bfc41a97c70369cc3a48a5ffeec3738abcea38b03c7a66c8e33f6e89722502a7f9b89823b64cc84f39edcc2183613628cff81e5e6de7a2e833845287e7983f99d51cd36a23792fd536be83deed0016d8159afe97ba7accbfee0d96ee echo -n "eyJ1cmwiOiJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9maW5hbGl6ZS8xMTcwMjUzMDg3LzE5MDMzNzU2OTExNyIsImFsZyI6IlJTMjU2Iiwibm9uY2UiOiI4NTNGTlVMMTNuTVhQU3lxZXJGMC1TWTBHaG1aNHlXYXBQRjBaOUZXX3dyelgtVSIsImtpZCI6Imh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTE3MDI1MzA4NyJ9.eyJjc3IiOiJNSUlFOGpDQ0F0b0NBUUF3Z2F3eEN6QUpCZ05WQkFZVEFsVlRNUmN3RlFZRFZRUUlEQTVPYjNKMGFDQkRZWEp2YkdsdVlURVFNQTRHQTFVRUJ3d0hRMnhwYm5SdmJqRVlNQllHQTFVRUNnd1BRMkZ5YjJ4cGJtRWdRM1Z6ZEc5dE1SUXdFZ1lEVlFRTERBdEZibWRwYm1WbGNtbHVaekVmTUIwR0ExVUVBd3dXZDNkM0xtTmhjbTlzYVc1aFkzVnpkRzl0TG1OdmJURWhNQjhHQ1NxR1NJYjNEUUVKQVJZU2MyTmtaVzFoY21OQWVXRm9iMjh1WTI5dE1JSUNJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBZzhBTUlJQ0NnS0NBZ0VBczVUbVdGR2NZZEJidDJuR2hUdlNiYnNSaWdCU3NCa1VzQ2J4S2Nza3I5NXBfc0tobzRMb1pXb3IxMjBpaUtqUVZJOGRoZDFyMjViRHBQem1jd3c5TkY2VUFiR3BqMXRlZEFiVDZPdExVVWhDSEZ5dDA1MHRNa1RYM1djbnhwR2tGT1FQM3JJTW4zemVwMmhyeDJoOTJDUEJ1NWtCazBUaUF4ZEVFa0JKZDJEWGJfX2pIZWVxWUk2UWtfenJJcDRlRnc3c1lmelVfMUFWRXRTaEJuNFMzSnNuZGJKUjdqaFV5ZFctN0hURnJLQ0xmYmhIei05TThWUTI0RzRNdmQzTXpsclZKRjEtenNYWDVPVDRtYVVveGZEVXVVTmR0WDZ1UTJKQ1dOcXo5andkY0M1bUxCOUtZVEt0MG1DdEFzeHYza05KMkNEQTN3UVRiT3FUaXFXYTlUU0gzdU54YkpqaDM2anY0T2VvY1diaGIxeDVZaWUxREREZUtkdXNrOWtHNXlTRkhCY2JuM0ZCQzBmOXFXa2swa25kRFhfQ3NFZjFfdFJPLVJQOWJFLURlZS0xQTRyZFViZ003cUN1d2F5X0NCQjJHYmU3dndZRmJWcksyMnQwLWlnRkI4Z0hzMnlrSjQtWUpZVXNveEJ3QktnNWFheFhGTVI2d0xkTGtIbkMyeHhIdEpZSTRsQUpCc3RDaFhkMkRUREZpZ2k0VkF1dWZCUEY1eDhjM1diMDFQMUFoaXNjcnlXMzdUaHRJOXJzWTBOSUhxTWpzQkFzVTNyX0RnMVhXazQwRGNsUGEzaEd0X0h2RUR1VEFxSnJIVFY0aU5NMHU4cVgwVHN6OVpwM194UXFmclVmNjBrZDZKZzdVdTdLNUlfTlh6SS1XM3Mxa2xTWnRfdUdkUWtDQXdFQUFhQUFNQTBHQ1NxR1NJYjNEUUVCQ3dVQUE0SUNBUUF3bUZRQW5FRkEtXzJSbUNEVmJBSUxuckowTVE3ZjVuZ2dhel9iOFd6WWItbHZqV3dGZVNwSmlJdi1mdGtfdE80SlgzZ2xpQjAzRnJpNEt5YzEyRlU2SjZ0dk43MU9pWTVscTJOMEY1NUJxLWtpb1k2QktOQlNLQzJ1S1VJQldveUdaN0E3YVhTNGhsbTdCWGVhX1NEWnJkSHBHTjFtbFJBRk5FN0NnWjRRZFZkOVZzcjdTSUpKM1pLbXZlUVJRVlI1RlBQVlU3Uk5xNGdRdVpXenkwWkpvWC1ic0hjUXB0X0dGWnB6cnNHOUNXajZzS19Ubi0zaFZxUlEwM21LeU1sWnpkeUVNSU1QQ3BvMWt5YTY1WC1vQjV4UWJ3NERNdmI5aGFnc3VPRmpnTFRJb3gxQnJlSnYyU3BxdWFKYVBmZ2JyWGVzOXhzZGRwelJHNlM1VEVMZG1wTXZJbVZYQVRqRlhDbW9lcUlZZUhJVEJldTdQcXE1NUZJSS1QdmxIUmU2Q2VlQ1hnaUcxT1phU2VheVdZSGg2Zkwtb0w0WXZSX01Xd3ZxZ2o5S2dpN0M3OWRlZHYyc2pVTkUwREpMdkh2ZWx1aC1IbnE5Vko1bDdSWEJUYlVqRmtZbTl4Mm5rOEJkT0lidlk0QmJ4RlBsMDRad2p4VUNES1gzUUFaR2tfQ2M5S0hfMTJBTnRKQVRkVzZ0ZTRwZ0VVOEU2cXJMSVYzMVpsejJxRjFxWXo5RUZfQkt6QXNZN1ViS2hoMGJDWm81dDFzZUw5RXdZRnhpZEtQcEJrMWpjck8zMmsxVUNiV0hTQ3pMTDN3ZVV1SDZQTERfdEMyUjI4bDNmSDFVcXZpN2pKUkNubnRRTlZvNGZIZEdjQ0VHcFJ5QjBpSHVIRlVWOXd4QzZMVXFNdyJ9" | openssl dgst -sha256 -hex -sign $PRIV_KEY a71d3e66f92673f3b39658ce865f07af0eef2ed17c473e5273f1c68a2be6fe4409ac106a175fb76d5836e72b398fd95766c472c53bad9a734f2bc6754d63c092197dc47595ab08e1b2f8af25982f0aafc6c11c7aaf9538054891dd1db3447999d1491ae93139385977d6c010f422e49f11ebd6b715a34c5c224c69eedd16e1342302cd27809f6a1e1af858df680144906d5adba831e2ef8b0156573c735e181f2933f370960cecca8e8ca7bbe437b3b84babdcfb9897ee82b337fed5c54b0ec4a02d57356fa306da9615d9b98ca671cd8738aa9b3d00e7778fe69b78603d0a37e590ac420d941f26f85a7b977e3ba0babdfdb91935f72204dfb395fb85877e5e359a45c25ab5e276e33c53b9c3bc9866d69e01e683c96d50822d1332d13b076a15854e5ed7554ccb17669a7bde8b4a70edeeb2bf4e11682e4777c41873bbf54e67aba051d65de5bf3f15dd08f8cf0df4c35afae9920a90ba92682474ff2d8267305cc7853c6d126db2bfb28a0c6d9bfa72ae9bf9acb43807170bd3b814eaf5fbf4daa46105911ccebb69275e3aa552a1f79ffdb292e428b1161a82f88fcb6790c616b71ea0ce1140be7dd7832cf6af5a1150c65e0cfa512a86cd214d4b0b875202b3516d661974f9b42194b32fce485445b107a625b36f3258a95b8437b8a64739abfc4d1958ee02eb8b80ce42251512def06380290a835b3c623dccdf5c93db cp -a /home/scdemarc/www/ssl_cert/lets_encrypt/2023_06_22/domain.crt /usr/local/apache/conf/ssl.crt/carolinacustom.crt cp -a /home/scdemarc/www/ssl_cert/lets_encrypt/2023_06_22/domain.key /usr/local/apache/conf/ssl.key/carolinacustom.key