What is my CSR and Private key for my SSL?

Linode Staff

I have downloaded an SSL cert from GoDaddy for a domain hosted on my Linode. GoDaddy has requested I add a CSR and private key file for the SSL certificate. GoDaddy’s customer support said that this information is provided by the hosting server company. Can you provide this information?

5 Replies

Your CSR/private key file is something that you can obtain from within your Linode itself and isn’t something we provide directly. We can still point you in the direction of where to find it and give you some next steps.

The Certificate Signing Request (CSR) can be generated within your Linode (from the command line). Generating a CSR varies depending on your Linode’s operating system/web service. The following site provides different guides on how to generate a CSR.

I’ll focus on how to do this using a Linode running Apache on Ubuntu. (GoDaddy also provides instructions on how to do this here.)

Generating a CSR

  1. You’ll first need to log in to your Linode via SSH.
  2. Run the following command (replacing yourdomain with your domain name):
openssl req -new -newkey rsa:2048 -nodes -keyout yourdomain.key -out yourdomain.csr

Here's a breakdown of this command and some of the specified options for further clarification:

  • newkey rsa:2048: creates a 2048 bit RSA key for use with the certificate. RSA 2048 is the default key size but depending on the requirements from GoDaddy, this number can be adjusted.
  • nodes: creates a certificate that does not require a passphrase. You can exclude this option if you’d like but you will be required to enter a passphrase in the console each time Apache is restarted.

You’ll be prompted to provide additional information for your website to the certificate.

  • When asked for the Common Name, type the fully qualified domain (FQDN) for your site.
  • You can input information when requested to enter extra attributes but it is not required, you can leave these blank if you’d like (press Enter to bypass them).

It’s important the information provided here is accurate as GoDaddy will be reviewing it for your SSL.

  1. Since you need to provide this information to GoDaddy, you’ll need to open/view the CSR with a text editor and copy all text, including the -----BEGIN CERTIFICATE REQUEST----- and -----END CERTIFICATE REQUEST-----.
  2. Paste the full text into the SSL enrollment form located within your GoDaddy account.

Private Key

In regards to the private key that GoDaddy is requesting, this is created when the CSR is generated on your Linode. Looking at GoDaddy’s documentation regarding the private key, they mention that you should not send this to anyone (including them). Rather it mentions that you will just need to know the location of the private key to complete installation of your SSL certificate. (If you just generated the CSR, it should be located within the same directory as the CSR.)

If you're still unsure of where your private key is located, I’d recommend checking your site’s virtual hosts file and/or your web service's configuration file, the following documentation should help with that: https://www.godaddy.com/help/wheres-my-private-key-32300


Once you have this information, you should be able to move forward with the installation of the SSL certificate. Heres a detailed guide with steps on this: https://www.godaddy.com/help/manually-install-an-ssl-certificate-on-my-apache-server-ubuntu-32078

You write:

GoDaddy has requested I add a CSR and private key file for the SSL certificate. GoDaddy’s customer support said that this information is provided by the hosting server company.

You need a private key and a CSR before GoDaddy (or whoever) should issue the cert. The cert belongs to you…not the hosting company. The private key & CSR should reside on your Linode in order for the cert to operate properly…that's way different than the hosting company providing the private key & CSR.

As was demonstrated above, it's easy to generate both those things. Usually they are byproducts of the enrollment process with the cert authority (whoever GoDaddy contracts with).

-- sw

Looking for a different route to secure your site?

You can easily deploy a free SSL certificate to your Linode using Certbot, a tool that automates the process of obtaining and installing a certificate (via Let's Encrypt).

To get started, you can follow our guide here:
https://www.linode.com/docs/quick-answers/websites/secure-http-traffic-certbot/

Although we recommend using the Certbot tool for its ease of use, you can also install Let's Encrypt and add an SSL certificate manually.
----> https://www.linode.com/docs/security/ssl/install-lets-encrypt-to-create-ssl-certificates/

I use LetsEncrypt/Certbot myself…and I use the same cert for secure web but also secure email access (via postfix/dovecot).

FREE is the best price of all!

-- sw

SSL rekeying is the process of replacing the current SSL certificate with a new one while retaining the same private key. This process is necessary when the SSL certificate is about to expire or when you need to change the information contained in the certificate, such as the domain name or organization name. Rekeying allows you to keep the same private key, which is important because it’s used to encrypt and decrypt data transmitted between your website and the user’s browser.

read more : https://sslseller.com/how-to-rekey-ssl-godaddy/

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Community Code of Conduct