Crt file from a csr & key file


Hi there,

I’m really bad at all this SSL stuff, hence please excuse me if my question sounds silly.

We are working with a client that needs to redirect from their domain ( to our domain:

My client has requested us to provide them with a .crt and .key (private) file from our hosting provider (WPEngine) in order to be able to redirect from their domain to our domain. The .crt file needs to be in the following specs:

  1. .crt file in PEM format for nginx/apache server
  2. SHA 256
  3. 2K length

Upon chatting with WPEngine, they can only provide me with a .csr and .key (private key) file as they do not have the tools to convert it to .crt (PEM). Upon googling on how to get this .crt file, I have found out that this .crt file needs to be generated by a valid CA.

Is this something that LetsEncrypt can do? I would appreciate if someone could point me in the right direction (with the steps please) on how I should acquire this .crt file with private key in the above-mentioned specs.



While it’s not hard to generate a certificate, something about your story makes me question whether you are going about this the right way.

The reason is, even if you make a certificate today, it will only be valid for 90 days. What are you going to do 90 days from now - email them again with a new certificate? The process isn’t realistic.

Usually people setup tools to perform automatic SSL and renewal for them via Let’s Encrypt, without messing about with manually acquiring .crt files etc… For example, using will do all the CSR, key and certificate stuff for you.

What is the nature of this redirection? Are you moving a website to WP Engine?

WP Engine offers free automatic SSL once you point your domain to them - it shouldn’t be necessary to send a certificate to them.


@_az: Thanks for your prompt response.
I do agree that I may not be going about this the right way and would definitely appreciate some sound advice.

The nature of this connection is more of a redirection from a link on to

Can you explain more on “WP Engine offers free automatic SSL once you point your domain to them - it shouldn’t be necessary to send a certificate to them.”?


Hi @webnoel

if you want a redirect from to another domain and if the call of should be secured (https), then you need a certificate on

The destination and the hoster of the destination aren’t relevant.

But: There is a redirect (301) ->

So if you want to create a redirect from -> - you have a loop.


It’s described in


I’m not really seeing the “why” in this? Why would your client need a certificate and the private key to your domain?


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.