TE that with Let's Encrypt, it's now possible for me to generate a free SSL cert for CarolinaCustom rather than paying for one thru rapidssl. Here is the website that I used to guide me thru this certificate generation: https://www.getssl.in/letsencrypt/ The following were the usual commands that I formerly used to generate a cert thru rapidssl. openssl genrsa -des3 -out carolinacustom.key 2048 openssl req -new -key carolinacustom.key -out carolinacustom.csr But now, here are the commands for the new Let's Encypt certification (4096 bit now instead of 2048) ---------------------------------------------------------------------------------------------------- Step 1: Account Info ---------------------------------------------------------------------------------------------------- How to generate a new account keypair using openssl: Generate an account private key if you don't have one: (KEEP ACCOUNT.KEY SECRET!) openssl genrsa 4096 > account.key Print your public key: openssl rsa -in account.key -pubout Copy and paste the public key into the box below. -----BEGIN PUBLIC KEY----- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAweKKhLq58g4WesfGNCA7 ESfvOUB09BBWiI751t5tUnfEIfeuAqhf6Fv74nKBQNYE7i94VLIvG8O0WAu5NAjA 1tuhhGZb8osDTxgweDhVr/yZVeVTPW8H9USnK1c+UvvppNZk8xa4t+xIluDUeXex OaQb3BHXPzz4bXow+X3g4l+PNfgnIOg8kzdDmC/UgTJ+D1kuOXIckLrbWBhV0QDl 6olfCAizmYoSzamNCv9P3MVyIgGYj+pmvbWUD2z+eREmD0XVzazieG8l4C+w0hxG TptJu/VMcaY8sk9ygkJMlVfK8vvpYIantUBbdi4EH1SeSUbOcnw7mTn8Ws4XQoXX q/tq79p8hiDoSJytFZ5DAWivez08mvCNj57cZ0/yqQwWs5Hue8f08TcbPFdB+tc0 beWQ60AWGji9gooTMLqEtfSAliHEOy1pb9d2aNqJo8/NA8TCCw+G94anciOvrXrz mkLifHREN/jO8MDNVKhS4TUKBD/W0SGZMM6ToY4G+yFYnA721NGt3UL/69HoKBu3 tBfSVqGkF2QInrI18s11KMD9yEc9jjT7zOTVxvkndEXYH+6UV2cm4uiC67ZFdebF lSJMAIToozOg/ZdV7TY9qitQEiF0bEJg++TrK/ULV8A5/+CQ2OpJes5HWFRBOJGB nDxa18J246xim3Pl+RxnjMcCAwEAAQ== -----END PUBLIC KEY----- ---------------------------------------------------------------------------------------------------- Step 2: Certificate Signing Request ---------------------------------------------------------------------------------------------------- How to generate a new Certificate Signing Request (CSR): Generate a TLS private key if you don't have one: (KEEP DOMAIN.KEY SECRET!) openssl genrsa 4096 > domain.key Generate a CSR for your the domains you want certs for: (replace "foo.com" with your domain) Linux: #change "/etc/ssl/openssl.cnf" as needed: # Debian: /etc/ssl/openssl.cnf # RHEL and CentOS: /etc/pki/tls/openssl.cnf # Mac OSX: /System/Library/OpenSSL/openssl.cnf openssl req -new -sha256 -key domain.key -subj "/" \ -reqexts SAN -config <(cat /etc/ssl/openssl.cnf \ <(printf "\n[SAN]\nsubjectAltName=DNS:foo.com,DNS:www.foo.com")) Copy and paste the CSR into the box below. NOTE that for this step, if I paste the command provided above, then I will get an error about a "missing re-direct" The way around that is just to enter the command: openssl req -new -sha256 -key domain.key and then just answer the questions interactively instead of having them piped in form redirects. -----BEGIN CERTIFICATE REQUEST----- MIIE7TCCAtUCAQAwgacxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJOQzEQMA4GA1UE BwwHQ2xpbnRvbjEfMB0GA1UECgwWd3d3LmNhcm9saW5hY3VzdG9tLmNvbTEUMBIG A1UECwwLRW5naW5lZXJpbmcxHzAdBgNVBAMMFnd3dy5jYXJvbGluYWN1c3RvbS5j b20xITAfBgkqhkiG9w0BCQEWEnNjZGVtYXJjQHlhaG9vLmNvbTCCAiIwDQYJKoZI hvcNAQEBBQADggIPADCCAgoCggIBANXG7UdtRD4aZ0XcTR9xRDPbmM5Lr83rdvFR wdZMj52cRkniL7d8s0eLitJfrXVCjKDDsZz1AM8NQ/QvvOK5R9OLfFguF9UtpeDV ao5FjLNRlmXyjwjQOU59QJBFU6K4EnJW5FRp8rtIM+PpY/JC/+i4tY1tIWLrG+WD Ursa+XB2YQahZmWTAHDqW95P9/In30DVE6YJl3PUWU0RKDTEGAlC12G3/vj8HPk2 EO+hmb6yJu4VFvstSWH7pEV3Hf2yxH8Mj60Gz74oQr7RYHbz/g+xOw0YvXOG+QDM /6XdQol3e99MXrOvgOThqX/4XruR+7NmkNVF/2qUg+DE1crxamaZf80jjml/fwrN CoFZgzdwl/pUAQ0M85VLnMn9T9WBkEK7wbhJ0BlTJ/otbRE3vc5DjxO87Vxfl91n SZY+4ZMqCT3Lb42tp9I8N4fF/2C0jHHAoGcuX1Zr+EuPbjvbKYDY4QC3QGruP82B mJNQzPDoagqxcuzYDuYYX6JBNk/F648DoPbySuGZus9Gsw4LcePv2oWUtMAXp1Km ElTcUXMrr9QlzGIDi+E3focRpRcSFtGoLtwViKLdlcvJU61nVNqv3bFJfkpxWHqq 7rAylEaEFJSlHULDkdJHBg1C+WL5ARadwVqgtTWpVC0B6srSo2G79Nr/gA2jIOBT C57UylstAgMBAAGgADANBgkqhkiG9w0BAQsFAAOCAgEAtpenFfQCK+hENRmczaUO XMrGQMH7O0jkm8VuScivS42qPlUz2kljMTNrd778bA7NriGR9evGM7BnNV3n4NU1 GiGwR504WejZpq1UZV0TF4/VicqxfkWZy7tV4aMJ9qYS2J1AC0BFp3dwsL4RRZUN wG1KyKWVQPxd1xOu005kfW0VFI0nGW7g68Rb6RAbbubHMc0LMx7I8XrrXm1Li6zE U16rEkX7/tM9sRxkO2Vi+GzNePKB67f9LXGdU2knENXjhpwJIHSyLkkoqZi2T+be iGebCdNEZapgSrQhoZcU4pK+Zf6MYAKNEHEwlF6X7KijYV34W19ynBj4FHgNZH8F Fmkcby7gsO2B5dP8e75ZkzrCmndVEedFpJpwktO0F3PQGd6F6qIVssXJZAFYrr7r ZGNxvoPNfC4lMP0DPUYDXUORaPhMFvdskL5IL4oQgh0NuVT6ZQ+38qbjfPC45ssS UAqEXagSA3X/JAT/tc3Jhc8DV5xNr9ZgJ9MmBiRhuDfj4cUUN/I8uZk5qbahxgAw SKY3BueEAhJyUj5z3AEkz5lr5oLYAtP0XbpxdFbp3uBVk3wMFQTqlENLoEuhpXvx rL9fDmlEL90UhfEPd5Gru0Ex5PsQ4IWsg2T51WG17Fb1U0CMlf5xSgaIhcgbEbmW lqJh+P4U6JURYaX2kEu/9hc= -----END CERTIFICATE REQUEST----- ---------------------------------------------------------------------------------------------------- Step 3: Sign API Requests (waiting...) ---------------------------------------------------------------------------------------------------- ACCEPT_TERMS: setenv PRIV_KEY ./account.key echo -n "eyJ1cmwiOiJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9uZXctYWNjdCIsImFsZyI6IlJTMjU2Iiwibm9uY2UiOiI1eWZLTUJKSmMtNVVEU0hRX3lFMngtcjN6bE9BY0J0ZGVJeW1fN1BqeHpacUMyNXdBX3ciLCJqd2siOnsiZSI6IkFRQUIiLCJrdHkiOiJSU0EiLCJuIjoid2VLS2hMcTU4ZzRXZXNmR05DQTdFU2Z2T1VCMDlCQldpSTc1MXQ1dFVuZkVJZmV1QXFoZjZGdjc0bktCUU5ZRTdpOTRWTEl2RzhPMFdBdTVOQWpBMXR1aGhHWmI4b3NEVHhnd2VEaFZyX3laVmVWVFBXOEg5VVNuSzFjLVV2dnBwTlprOHhhNHQteElsdURVZVhleE9hUWIzQkhYUHp6NGJYb3ctWDNnNGwtUE5mZ25JT2c4a3pkRG1DX1VnVEotRDFrdU9YSWNrTHJiV0JoVjBRRGw2b2xmQ0Fpem1Zb1N6YW1OQ3Y5UDNNVnlJZ0dZai1wbXZiV1VEMnotZVJFbUQwWFZ6YXppZUc4bDRDLXcwaHhHVHB0SnVfVk1jYVk4c2s5eWdrSk1sVmZLOHZ2cFlJYW50VUJiZGk0RUgxU2VTVWJPY253N21UbjhXczRYUW9YWHFfdHE3OXA4aGlEb1NKeXRGWjVEQVdpdmV6MDhtdkNOajU3Y1owX3lxUXdXczVIdWU4ZjA4VGNiUEZkQi10YzBiZVdRNjBBV0dqaTlnb29UTUxxRXRmU0FsaUhFT3kxcGI5ZDJhTnFKbzhfTkE4VENDdy1HOTRhbmNpT3ZyWHJ6bWtMaWZIUkVOX2pPOE1ETlZLaFM0VFVLQkRfVzBTR1pNTTZUb1k0Ry15RlluQTcyMU5HdDNVTF82OUhvS0J1M3RCZlNWcUdrRjJRSW5ySTE4czExS01EOXlFYzlqalQ3ek9UVnh2a25kRVhZSC02VVYyY200dWlDNjdaRmRlYkZsU0pNQUlUb296T2dfWmRWN1RZOXFpdFFFaUYwYkVKZy0tVHJLX1VMVjhBNV8tQ1EyT3BKZXM1SFdGUkJPSkdCbkR4YTE4SjI0NnhpbTNQbC1SeG5qTWMifX0.eyJ0ZXJtc09mU2VydmljZUFncmVlZCI6dHJ1ZX0" | openssl dgst -sha256 -hex -sign $PRIV_KEY 33e8358e2b3864b6a6d0d905540806d152c98d67cd27f30d35266957c3f64edfa942473dd374b58d6aa9401619c3f2d69bbeaa1600fa0f7cc6abdc68b000b92e877b15a5469c876cacf03596b5e633b503e76b0491e6a1b1580807a2adac2f4fce440237913d192c652aa68bb0d6148ebbf26af5e4c1ddd397d00c830c2dc9c3be824990d261fb47c7dbc0931d99be7bc12ed33dc8c49fcb93446364bd1358d76a121af3da9570303b38451040fb4022a2759bc09385fe563d8c44fcf49fa2daa1cd0f8b51bc0ab0c1a3c9f7c9778a1135dd223336c9502f66dd37337bfb720bee48e542b388ad220d8c4d3feb1f63548d5b569eabc164da7a3be3071ec2957444ee117d3a61da23ca4b41ad7b38f968afe079fc78700922e2922d52cd5a575e4f844fa6debd07b724b25053f1fbcf9cc4985c53a69e48e95b5cb414f9dac9b4bf78514f7a99c46b2b1da14aad055afdcc09c31ce78b2f14058178e0c7dd670a49925ee2f4014aa9b463fdc17f6a47b4a7fe41829213c94923d5e88f0306cd7e92711ea67e1f0f514e548df6d9577bd1cf2e47fddb0ace6d3dd834c1413df9cd4937c06a14dfbcd0309d47eac654bfc6b21cc3d3f9dbd1a3a091c2435dd6687b264e7cb839b2642b5613e42643b5bf37431eded7b03b24dbca1dfc13ad496d907c8b4c5920b75f6704c577cb067df15512d1f6281b65778aa1da2ddef5c1a2a7 echo -n "eyJ1cmwiOiJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hY2N0LzE3ODk2MjQ3NDciLCJhbGciOiJSUzI1NiIsIm5vbmNlIjoicE9lSlFBbEJrOF91T0R0Y1ZqTWdqbVZyeHBNMnBLcHpLV3puMUdwTFp1UGwxc1pfUElRIiwia2lkIjoiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC8xNzg5NjI0NzQ3In0.eyJjb250YWN0IjpbIm1haWx0bzpzY2RlbWFyY0B5YWhvby5jb20iXX0" | openssl dgst -sha256 -hex -sign $PRIV_KEY 9169290b701b670965c587b0b89aeff30e30096206b18d63922148fc2c0fdefc080285159f14dd6b01dcc1ff96911454b4638690a9ea97a97016876ead02cf030125a70b0eafc9ed8bab5cbf3270b973d5d5f756f6128ee15d60dbab02b702dc6af063e5f85769b18a5131f679d80b77ab05d20ffbed5b53d8514aa5025efc91d40180807b38995eae954d316538c9160cd7e129ba97d45387602b1f998936d86d73e079266669f4d3661922c0f3c63945551bd57337375318ae7e2b3fe2068aeb66b85f1581255274059c15b4687da15a4e44f9c691f5d168d7f1ff87e9b08d7e35a4a7b16399ae2905d84e23ac41d931d6f3e0da81f67610d503d248ca2b6435de84267118ec13b1dff3173ecac198ea4d5805d8b57cbfdd458f9cb9131db8ae01a178d8cf6f507e73a0bc7c74b344d25b59f4882fd97ce7ab5a4923b00eda0ef59e04226bcf09c382cfad3aa1ee01fb8e1a49c44bc9138ac840ce4d81cba5865f54c5d48b6d734c356a7cab11c3e5669f7b205a47b95769aee5d882ba1f23e5978a020550ea509fadecfcd08a4122d345207f23ef55dd853791012bbc91cff3bdb66aae9ddeff1100443fed98075cf605a9f89234ba1f05259b9e0cc69870e1257f4fc14e964b9d07ef57f468ef6bab137c9493853ad37dd9657f70b742dcb48fe366e16f41abaec264835284daba585573ddee3b1b3caea4cd2e9f2703ee echo -n "eyJ1cmwiOiJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9uZXctb3JkZXIiLCJhbGciOiJSUzI1NiIsIm5vbmNlIjoiNXlmS01CSkpmM29IZnFyZ2V0RjdsSWFLZ2ZuRmdBeFZhSGxhemk3RlV6TUxWdm5CZHNVIiwia2lkIjoiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC8xNzg5NjI0NzQ3In0.eyJpZGVudGlmaWVycyI6W3sidHlwZSI6ImRucyIsInZhbHVlIjoid3d3LmNhcm9saW5hY3VzdG9tLmNvbSJ9XX0" | openssl dgst -sha256 -hex -sign $PRIV_KEY 92b125d87287453f9404f4db715f34dd122b382f78f23f5e230a3bdd538a649e32e6d012e7507fa011e5f1a5fc7b50432c39954f769f3a8f0b5eb1fa32a90f9c580a55a9987f69035be056fcc82ffa6a257e5bc0e2ffacfbf0d75a3a0dc31a7269dd9874185ccb7a8d97f9561319906eca1ce0bbabe2321a1310d0b9c47808bdf2ddbabbca9cc429396fa686f5b231ee849785fbf4c2ac142f520956d1ceb1a6b2b054d2a897a0086b26102db01165ae71dd53b870d9409689e9dc7c2bce308ec39c08e72d256d797961c7acf2f2abab681adb4d00536c82c1e8a1b0eca7d4badb45e45fabede7dd6f1ffa73c9e8a1554b856041bc091fa21f62aceae8770517253b8f0d00fb2ca1e37429752c278451f8930905b45d55e550a6c9692a1c0b8e7bfed0ea417bd735c0a4094af2d7ad19271743d76a2514a840a03d046587d49b8e1894a878d6e3e455ddfdaa4765f6a4210eaae3bf316c57561ba1e597bdc45d488590c2bc7cd44f0855d40ed8ae50d337a897b6d0d34db03f4d2190d7680f815f1606f9b14fd727c0fbdba3f8d4a3a2618af1d7593499e980e9dd41249395086788d1a48c5d6f22f66d0c7170fe8ebbe3c8a661fbf9edcf4287c5474bf6da16d29810335f6aeb35c887478637dce109ccdfacbfd2c27412f240494b542df17d6a8eff23a3df59c3aaf5eaf2ed9555b1143acc8a9a0488d7e52905f4f2c7ea36 ---------------------------------------------------------------------------------------------------- Step 4: Verify Ownership (waiting...) ---------------------------------------------------------------------------------------------------- python2 -c "import BaseHTTPServer; h = BaseHTTPServer.BaseHTTPRequestHandler; h.do_GET = lambda r: r.send_response(200) or r.end_headers() or r.wfile.write('gKhUBVO4Fs4gWK041O183WJhZGOIxTvqT2kLik8bgP8.VdoZgr-3shE7mPdDeq_BG1TgrvmI4u4fqnIGH25XP_k'); s = BaseHTTPServer.HTTPServer(('0.0.0.0', 80), h); s.serve_forever()" PLEASE NOTE: to avoid getting this error: Traceback (most recent call last): File "", line 1, in ? File "/usr/lib/python2.4/SocketServer.py", line 330, in __init__ self.server_bind() File "/usr/lib/python2.4/BaseHTTPServer.py", line 101, in server_bind SocketServer.TCPServer.server_bind(self) File "/usr/lib/python2.4/SocketServer.py", line 341, in server_bind self.socket.bind(self.server_address) File "", line 1, in bind socket.error: (98, 'Address already in use') It is necessary to su to root and stop the apache webserver with "astop" ALSO NOTE: Each time that we renew the cert, we get a new python2 command above. So don't paste the old one, or else we get an error and have to start back at step-1 SIGN CHALLENGE COMMAND: echo -n "eyJ1cmwiOiJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9jaGFsbC12My8zNjU2NTg4NTEwMzcvaHR5QUZRIiwiYWxnIjoiUlMyNTYiLCJub25jZSI6InBPZUpRQWxCejFjb2lJY2w4ZTUyLVB4cms4YUNmVk82ZVA4eFRPYXdrTGkyd2VqcFFnVSIsImtpZCI6Imh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTc4OTYyNDc0NyJ9.e30" | openssl dgst -sha256 -hex -sign $PRIV_KEY 9061c92cd7b3ca7cd319d1e7c9297c45dd0501998798f4a32c02a2087985b2b023b7f19b8a1f7e573a09ce94ff986b08b5c4583f905c4fdad3cc4854f67e7c7180a28a89ad2a697285632d3297de164b02f58ba8f231ff6768f11aba9b44ff5ae8db1ca1ca12e3a547cf7baeb418ab678aa4891e5c0590c8f1484ece9710964b46940eab6d4f4b26a58cca95040045a91981311e94e44c7a47e2c4cd14e0637b38162ffae61e423b36d220d479aab3db270f0c295d8139b27ddbc1f3bf2784b60bbdeccbfa3461ab3c0aa6fe658c16d8af5572d22907096c85c01f45815406af10f0f3be699c3c4952ffaffd99afb2748b5f51bbee75cc89386dd14aaee98d08524a471e8e93c2ac2c4f95ce563df149d2d4dac66f0323538cf4b555ac6a45a661cbbf0b5f17dcd97b56cf2e4eb902d24b0b8490840dbc4f0b7ea3db6feeed6f9e61eb4c159808e1911c96ddb2742129c02e80393a39d425cf271cd4e91838b21d12c0b7786db0e1684f72d7887935e030a8092cbd204d54ce3ec4e621aff7abe8a9c22cfa8b568362c95032f44412ed2bdcc275c59b66315092d93970a526e114acbc9f7d4e812deddc384c6ec18f3c6bb0bac63062448c85b3b5fca5f48e87e063d4184ba5eb0f33daf3dabc058e1265401c9ebd487908ce96de8a3e6d01374433c166ab9e77d2441d9e2851248c6982e935fc6de14eddb8b42f4edeac296c FINALIZE ORDER: echo -n "eyJ1cmwiOiJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9maW5hbGl6ZS8xNzg5NjI0NzQ3LzI3OTU2MzgyMTcxNyIsImFsZyI6IlJTMjU2Iiwibm9uY2UiOiI1eWZLTUJKSmhYdTF0eVEtSnRMTGRndWhZcHBnTFd4WEdZYXlGVEN2S0MtRVA1WW45TzQiLCJraWQiOiJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hY2N0LzE3ODk2MjQ3NDcifQ.eyJjc3IiOiJNSUlFN1RDQ0F0VUNBUUF3Z2FjeEN6QUpCZ05WQkFZVEFsVlRNUXN3Q1FZRFZRUUlEQUpPUXpFUU1BNEdBMVVFQnd3SFEyeHBiblJ2YmpFZk1CMEdBMVVFQ2d3V2QzZDNMbU5oY205c2FXNWhZM1Z6ZEc5dExtTnZiVEVVTUJJR0ExVUVDd3dMUlc1bmFXNWxaWEpwYm1jeEh6QWRCZ05WQkFNTUZuZDNkeTVqWVhKdmJHbHVZV04xYzNSdmJTNWpiMjB4SVRBZkJna3Foa2lHOXcwQkNRRVdFbk5qWkdWdFlYSmpRSGxoYUc5dkxtTnZiVENDQWlJd0RRWUpLb1pJaHZjTkFRRUJCUUFEZ2dJUEFEQ0NBZ29DZ2dJQkFOWEc3VWR0UkQ0YVowWGNUUjl4UkRQYm1NNUxyODNyZHZGUndkWk1qNTJjUmtuaUw3ZDhzMGVMaXRKZnJYVkNqS0REc1p6MUFNOE5RX1F2dk9LNVI5T0xmRmd1RjlVdHBlRFZhbzVGakxOUmxtWHlqd2pRT1U1OVFKQkZVNks0RW5KVzVGUnA4cnRJTS1QcFlfSkNfLWk0dFkxdElXTHJHLVdEVXJzYS1YQjJZUWFoWm1XVEFIRHFXOTVQOV9JbjMwRFZFNllKbDNQVVdVMFJLRFRFR0FsQzEyRzNfdmo4SFBrMkVPLWhtYjZ5SnU0VkZ2c3RTV0g3cEVWM0hmMnl4SDhNajYwR3o3NG9RcjdSWUhiel9nLXhPdzBZdlhPRy1RRE1fNlhkUW9sM2U5OU1Yck92Z09UaHFYXzRYcnVSLTdObWtOVkZfMnFVZy1ERTFjcnhhbWFaZjgwamptbF9md3JOQ29GWmd6ZHdsX3BVQVEwTTg1VkxuTW45VDlXQmtFSzd3YmhKMEJsVEpfb3RiUkUzdmM1RGp4Tzg3VnhmbDkxblNaWS00Wk1xQ1QzTGI0MnRwOUk4TjRmRl8yQzBqSEhBb0djdVgxWnItRXVQYmp2YktZRFk0UUMzUUdydVA4MkJtSk5RelBEb2FncXhjdXpZRHVZWVg2SkJOa19GNjQ4RG9QYnlTdUdadXM5R3N3NExjZVB2Mm9XVXRNQVhwMUttRWxUY1VYTXJyOVFsekdJRGktRTNmb2NScFJjU0Z0R29MdHdWaUtMZGxjdkpVNjFuVk5xdjNiRkpma3B4V0hxcTdyQXlsRWFFRkpTbEhVTERrZEpIQmcxQy1XTDVBUmFkd1ZxZ3RUV3BWQzBCNnNyU28yRzc5TnJfZ0EyaklPQlRDNTdVeWxzdEFnTUJBQUdnQURBTkJna3Foa2lHOXcwQkFRc0ZBQU9DQWdFQXRwZW5GZlFDSy1oRU5SbWN6YVVPWE1yR1FNSDdPMGprbThWdVNjaXZTNDJxUGxVejJrbGpNVE5yZDc3OGJBN05yaUdSOWV2R003Qm5OVjNuNE5VMUdpR3dSNTA0V2VqWnBxMVVaVjBURjRfVmljcXhma1daeTd0VjRhTUo5cVlTMkoxQUMwQkZwM2R3c0w0UlJaVU53RzFLeUtXVlFQeGQxeE91MDA1a2ZXMFZGSTBuR1c3ZzY4UmI2UkFiYnViSE1jMExNeDdJOFhyclhtMUxpNnpFVTE2ckVrWDdfdE05c1J4a08yVmktR3pOZVBLQjY3ZjlMWEdkVTJrbkVOWGpocHdKSUhTeUxra29xWmkyVC1iZWlHZWJDZE5FWmFwZ1NyUWhvWmNVNHBLLVpmNk1ZQUtORUhFd2xGNlg3S2lqWVYzNFcxOXluQmo0RkhnTlpIOEZGbWtjYnk3Z3NPMkI1ZFA4ZTc1Wmt6ckNtbmRWRWVkRnBKcHdrdE8wRjNQUUdkNkY2cUlWc3NYSlpBRllycjdyWkdOeHZvUE5mQzRsTVAwRFBVWURYVU9SYVBoTUZ2ZHNrTDVJTDRvUWdoME51VlQ2WlEtMzhxYmpmUEM0NXNzU1VBcUVYYWdTQTNYX0pBVF90YzNKaGM4RFY1eE5yOVpnSjlNbUJpUmh1RGZqNGNVVU5fSTh1Wms1cWJhaHhnQXdTS1kzQnVlRUFoSnlVajV6M0FFa3o1bHI1b0xZQXRQMFhicHhkRmJwM3VCVmszd01GUVRxbEVOTG9FdWhwWHZ4ckw5ZkRtbEVMOTBVaGZFUGQ1R3J1MEV4NVBzUTRJV3NnMlQ1MVdHMTdGYjFVMENNbGY1eFNnYUloY2diRWJtV2xxSmgtUDRVNkpVUllhWDJrRXVfOWhjIn0" | openssl dgst -sha256 -hex -sign $PRIV_KEY 5977a7d5dd57def8abf2e37a18a660310cc04c545418a631fc198d6674893cae68bba1205361896e62e2c961dc23f43c849fbc19ad409675fe040d890e2f0d178939395cd5e8b9d43ea12dfcde3c59abe105599d89da428ed1ee662110a97e853f460e2060bc19637be788b953f5fdf800bba81fe7d9d7518aad77f54d5379382a52b8e05347217adda1c9e42beb47a104bc3afd7d64686770d35144a082c2fd258780baf32e706babc2352a610fc098f59946d250be1d74585a9b5733dac00c0f42e4a64d870ece70a1bee7a53379c232a816a33849f795e0a66072630224f13ebd2f5dc92979523c867426063a00f3ca891614093ec4bc7565b2efd0f5deb038f5f69454373a85bf097f542b8d1581ca3cb1b5ee4671d9aefa48d8a2679870536909f8be0e64acb7e56aaa40552f0c41455f0668a49764c11094a0b8ec42a2d78a4e02f0919e8ea13fd4c306b350484ba4c824e145353607185f8d091df22f8f3df0b6b989fdda6623d1f5aedd98de9425869ca6ce0c2dcf006ac85fa5c13665e6d3013a1fbeb0b0d2451cb8a14f6e76fb26ccf6af078b9221929a0d1b671d2162a919d94cc0913ecd9510f905ad5e231bf3d8a8dbd77129aed89576d743c775a3921afd4276b195cabd1813c707e2f594597dadd92ec85063c6c3bff590bf2ddc7dfe8210dc09c13933eb5c189aaa7d24df4c63efc9d4d1f40833a4689feb ---------------------------------------------------------------------------------------------------- Step 5: Install Certificate (waiting...) ---------------------------------------------------------------------------------------------------- -----BEGIN CERTIFICATE----- MIIF/DCCBOSgAwIBAgISA6onvUPAZEM+CZMfjjEyVep5MA0GCSqGSIb3DQEBCwUA MDMxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQwwCgYDVQQD EwNSMTEwHhcNMjQwNjE4MTcyNDUzWhcNMjQwOTE2MTcyNDUyWjAhMR8wHQYDVQQD ExZ3d3cuY2Fyb2xpbmFjdXN0b20uY29tMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A MIICCgKCAgEA1cbtR21EPhpnRdxNH3FEM9uYzkuvzet28VHB1kyPnZxGSeIvt3yz R4uK0l+tdUKMoMOxnPUAzw1D9C+84rlH04t8WC4X1S2l4NVqjkWMs1GWZfKPCNA5 Tn1AkEVTorgSclbkVGnyu0gz4+lj8kL/6Li1jW0hYusb5YNSuxr5cHZhBqFmZZMA cOpb3k/38iffQNUTpgmXc9RZTREoNMQYCULXYbf++Pwc+TYQ76GZvrIm7hUW+y1J YfukRXcd/bLEfwyPrQbPvihCvtFgdvP+D7E7DRi9c4b5AMz/pd1CiXd730xes6+A 5OGpf/heu5H7s2aQ1UX/apSD4MTVyvFqZpl/zSOOaX9/Cs0KgVmDN3CX+lQBDQzz lUucyf1P1YGQQrvBuEnQGVMn+i1tETe9zkOPE7ztXF+X3WdJlj7hkyoJPctvja2n 0jw3h8X/YLSMccCgZy5fVmv4S49uO9spgNjhALdAau4/zYGYk1DM8OhqCrFy7NgO 5hhfokE2T8XrjwOg9vJK4Zm6z0azDgtx4+/ahZS0wBenUqYSVNxRcyuv1CXMYgOL 4Td+hxGlFxIW0agu3BWIot2Vy8lTrWdU2q/dsUl+SnFYeqrusDKURoQUlKUdQsOR 0kcGDUL5YvkBFp3BWqC1NalULQHqytKjYbv02v+ADaMg4FMLntTKWy0CAwEAAaOC AhowggIWMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYB BQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUuRP8PP70xk6yAPbmzRIlglvd T6MwHwYDVR0jBBgwFoAUxc9GpOr0w8B6bJXELbBeki8m47kwVwYIKwYBBQUHAQEE SzBJMCIGCCsGAQUFBzABhhZodHRwOi8vcjExLm8ubGVuY3Iub3JnMCMGCCsGAQUF BzAChhdodHRwOi8vcjExLmkubGVuY3Iub3JnLzAhBgNVHREEGjAYghZ3d3cuY2Fy b2xpbmFjdXN0b20uY29tMBMGA1UdIAQMMAowCAYGZ4EMAQIBMIIBBAYKKwYBBAHW eQIEAgSB9QSB8gDwAHcASLDja9qmRzQP5WoC+p0w6xxSActW3SyB2bu/qznYhHMA AAGQLJg+2gAABAMASDBGAiEAxUq7s+d8wnkIGNSxMv1A7yGzKXvMPnCdkw/iIENK mLsCIQD2EP7D0X8U4ZCX49OwLSrjOVi02o13Bn1g8CtzrTNZWgB1AD8XS0/XIkdY lB1lHIS+DRLtkDd/H4Vq68G/KIXs+GRuAAABkCyYPt8AAAQDAEYwRAIgUJv0nDQ5 a8rTXcykpK0KTsZ6Uuiezz4t4KzhGB91s04CIDYlRs3K45VuzkXX2LtZ6VFEyII2 hu6zBNZ1U7lOb8AIMA0GCSqGSIb3DQEBCwUAA4IBAQAzKW69/AgPddAil1HDJ9+O GWganmgFurb3MMHLi6iL5CvzZeTeH28AyltkzZT2yYCS0RuXNUeXig3icUGa+djr INc8OenzajXJbAaDEjVqRe1W4ZOPLDlnvuPPIQG/Fek2E/Ez4gPF/2GEgXPxsK00 CoIV8kZpQthMTRonns4NhyLrBL1wOlYRK57zzckbDdFqnPGwLhsru2eX/LWg1BEB KyHp/rI+m6xi3kLoHjOlaofxgATaMWvUO0x7fQErTzNkoY6mfwSm2x8kE69oOe3H muHauAKwrLK5CH+kXWbjmrpdeQ5bipP08nvWnVCJguK9TPF/mj+C3CeZYiS9wbzF -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFBjCCAu6gAwIBAgIRAIp9PhPWLzDvI4a9KQdrNPgwDQYJKoZIhvcNAQELBQAw TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjQwMzEzMDAwMDAw WhcNMjcwMzEyMjM1OTU5WjAzMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg RW5jcnlwdDEMMAoGA1UEAxMDUjExMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB CgKCAQEAuoe8XBsAOcvKCs3UZxD5ATylTqVhyybKUvsVAbe5KPUoHu0nsyQYOWcJ DAjs4DqwO3cOvfPlOVRBDE6uQdaZdN5R2+97/1i9qLcT9t4x1fJyyXJqC4N0lZxG AGQUmfOx2SLZzaiSqhwmej/+71gFewiVgdtxD4774zEJuwm+UE1fj5F2PVqdnoPy 6cRms+EGZkNIGIBloDcYmpuEMpexsr3E+BUAnSeI++JjF5ZsmydnS8TbKF5pwnnw SVzgJFDhxLyhBax7QG0AtMJBP6dYuC/FXJuluwme8f7rsIU5/agK70XEeOtlKsLP Xzze41xNG/cLJyuqC0J3U095ah2H2QIDAQABo4H4MIH1MA4GA1UdDwEB/wQEAwIB hjAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwEgYDVR0TAQH/BAgwBgEB /wIBADAdBgNVHQ4EFgQUxc9GpOr0w8B6bJXELbBeki8m47kwHwYDVR0jBBgwFoAU ebRZ5nu25eQBc4AIiMgaWPbpm24wMgYIKwYBBQUHAQEEJjAkMCIGCCsGAQUFBzAC hhZodHRwOi8veDEuaS5sZW5jci5vcmcvMBMGA1UdIAQMMAowCAYGZ4EMAQIBMCcG A1UdHwQgMB4wHKAaoBiGFmh0dHA6Ly94MS5jLmxlbmNyLm9yZy8wDQYJKoZIhvcN AQELBQADggIBAE7iiV0KAxyQOND1H/lxXPjDj7I3iHpvsCUf7b632IYGjukJhM1y v4Hz/MrPU0jtvfZpQtSlET41yBOykh0FX+ou1Nj4ScOt9ZmWnO8m2OG0JAtIIE38 01S0qcYhyOE2G/93ZCkXufBL713qzXnQv5C/viOykNpKqUgxdKlEC+Hi9i2DcaR1 e9KUwQUZRhy5j/PEdEglKg3l9dtD4tuTm7kZtB8v32oOjzHTYw+7KdzdZiw/sBtn UfhBPORNuay4pJxmY/WrhSMdzFO2q3Gu3MUBcdo27goYKjL9CTF8j/Zz55yctUoV aneCWs/ajUX+HypkBTA+c8LGDLnWO2NKq0YD/pnARkAnYGPfUDoHR9gVSp/qRx+Z WghiDLZsMwhN1zjtSC0uBWiugF3vTNzYIEFfaPG7Ws3jDrAMMYebQ95JQ+HIBD/R PBuHRTBpqKlyDnkSHDHYPiNX3adPoPAcgdF3H2/W0rmoswMWgTlLn1Wu0mrks7/q pdWfS6PJ1jty80r2VKsM/Dj3YIDfbjXKdaFU5C+8bhfJGqU3taKauuz0wHVGT3eo 6FlWkWYtbt4pgdamlwVeZEW+LM7qZEJEsMNPrfC03APKmZsJgpWCDWOKZvkZcvjV uYkQ4omYCTX5ohy+knMjdOmdH9c7SpqEWBDC86fiNex+O0XOMEZSa8DA -----END CERTIFICATE----- ---------------------------------------------------------------------------------------------------- additional FYI for debug ---------------------------------------------------------------------------------------------------- cd /usr/local/apache/conf/ssl.crt mv carolinacustom.crt carolinacustom.crt__lets_encrypt_domain_crt_2024_03_19 cp -a /home/scdemarc/www/ssl_cert/lets_encrypt/2024_06_18/domain.crt carolinacustom.crt cd /usr/local/apache/conf/ssl.key mv carolinacustom.key carolinacustom.key__lets_encrypt_domain_key_2024_03_19 cp -a /home/scdemarc/www/ssl_cert/lets_encrypt/2024_06_18/domain.key carolinacustom.key Then restart Apache with the "astart" alias If you see the following when you try to restart Apache, then it might be because you forgot to the Python simple server above from step-4 (98)Address already in use: make_sock: could not bind to address [::]:80