Forums

Hi, I have to renew my SSL certs, now there is this new fangled easy way to do it but I am having difficulties.....

My provider give me two .crt files, same as last year. How do I use them with the new pa_install_webapp_ssl.py script? I have generated an API key and tried to follow the instructions but I am not sure I am doing it correctly - I have no .pem files for a start...

edit -- I have converted the crt to pem using ssl but now I get

UnicodeDecodeError: 'utf-8' codec can't decode byte 0x82 in position 1: invalid start byte

when using the script thusly

pa_install_webapp_ssl.py www.n-verse.net certificate.pem www.n-verse.net.key

My key starts "-----BEGIN PRIVATE KEY-----" and the pem looks ok.

Thanks.

Can I take a look at your files? We can see them from our admin interface, but we always ask for permission first.

Yes of course. Thanks for asking.

Thanks!

The file certificate.pem doesn't look like a real PEM file to me -- it's binary data, and PEM files are ASCII files starting "---- BEGIN CERTIFICATE ----" (similarly to the private key file).

From the files you have there, I suspect what you need to do is create a combined PEM certificate by concatenating the two .crt files, both of which are in PEM format, and then provide that to the script. You can do this by first running the following bash command, replacing the "XXXXXX" with the filename of the .crt file that is not gd_bundle-g2-g1.crt (I'm not giving the filename here just in case it needs to be kept secret -- random-looking things sometimes do):

cat XXXXXX gd_bundle-g2-g1.crt > combined.crt

Once that's done, try installing it:

pa_install_webapp_ssl.py www.n-verse.net combined.crt www.n-verse.net.key

That worked. Thanks. :)

Excellent! Thanks for confirming.