Have fixed IP and CSRs, need SSLs to give to hosting service

Here’s what I’ve got so far, may it help others:
[] Purchase hosting account at Omnis.com service, with fixed IP
[] Register URL anywhere
[] IF site is hosted elsewhere, copy it to local storage, clear out its emails, record the email addresses, and remove it from the other hosting
[] From Omnis dashboard, set up the URL
[] IF URL is registered elsewhere, modify its DNS records to be on Omnis’ DNS servers
[] copy from local storage to new hosting space (FTP? FileZilla works)
[] OPTIONAL set up email addresses
— site should be working http:// —
[] Ask Omnis for Certificate Signing Request (CSR) for site
[] Receive CSR from Omnis by email
[] ZeroSSL.com (in PaleMoon w/NoScript, allow script)

  • CERTIFICATES AND TOOLS in top bar, gives “FREE SSL Certificate Wizard”
  • START button, gives “Details” page
    my email for contact
    leave Domains blank
    In the left box under the email, paste Let’s Encrypt key (if you’ve done this before, otherwise leave blank) including the lines
    -----END RSA PRIVATE KEY-----
    (The first time I did it, it gave me the key to use next time)
    HTTP verification should be already checked
    In the right box, paste your CSR including the lines
    Check both
    Accept ZeroSSL TOS, and
    Accept Let’s Encrypt SA (pdf)
    Click NEXT in the upper right corner - watch for need to allow more scripting.
  • The Verification screen should appear, with the domain name, file name, and file content they want to see to confirm your access. There’s a download button if you don’t want to build the file yourself.
  • via FTP, create two nested directories on the website (if they aren’t there) .well-known/acme-challenge
  • Upload the verification file to acme-challenge, then click NEXT
  • Receive the SSL certificate, containing both site and ownership sections. Can download.
    [] email the certificate to support@Omnis.com , replying to the email providing the CSR
    — once they install it, https should work —

I set up .htaccess thus:
# Turn on Apache tool for redirection of requested URL
Options +FollowSymLinks
RewriteEngine On
# Certificate is only good for bare URL foo.com, so
# Remove www. from bare URL and make sure https is enabled
RewriteCond %{HTTP_HOST} ^www.(.)$ [NC]
RewriteRule ^(.
)$ https://%1/$1 [R=301,L]
RewriteCond %{HTTPS} !on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
# This tests working for http://www.foo.com, http://www.Foo.com
# http://foo.com, http://Foo.com, https://foo.com, https://Foo.com
# But certificate mismatch for https://www.foo.com, https://www.Foo.com
# (Have seen comment that https prevents processing of .htaccess)