Issuing Cert using ZeroSSL

leo10 · November 2, 2016, 2:02pm

Hello, I have a wordpress site and I decide to use Zero SSL to issue a LE Cert.
It’s easier than the other ways(it gets too technical) but I know that I have to repeat the same steps every time the Cert expires. But I have a question, in the domain entry, should I type: https://mysite.com/ and also www.mysite.com/ ?

serverco · November 2, 2016, 2:08pm

don’t include the https or / … so just mysite.com and www.mysite.com

As to the question of if you need both, that depends really if people ever connect to www.mysite.com. Generally it’s safer to include both.

leo10 · November 2, 2016, 2:09pm

okay, but when I type mysite.com it aumatically change to https://mysite.com/

serverco · November 2, 2016, 2:10pm

OK - that may be a feature of zerossl - it’s not one I’ve used.

leo10 · November 2, 2016, 2:19pm

Okay, thank you very much.

leo10 · November 2, 2016, 2:49pm

I got all my info/keys, and I entered my private key but when I wanted to enter the csr file, I didn’t find the suitable input field but just "SSL Certificate Signing Request

If you obtain a certificate from a trusted SSL provider, you must complete the Certificate Signing Request form to provide the information needed to generate your SSL certificate." and followed by a form.
what should I do?
I managed for now to enter only : the private key and the domain certificate but not the CSR.

tialaramex · November 2, 2016, 3:19pm

Hmm. I am a little confused, so there could be a few different things going on here, I haven’t seen exactly the Wordpress system you’re using, nor have I used ZeroSSL, anyone who has might be able to answer more precisely.

Some systems want to choose their own private keys, rather than let someone else (you? or Zero SSL?) choose. In this case you must use the Certificate Signing Request feature, basically a Certificate Signing Request is a way for the thing which has chosen the private key to say “Hey, I want a certificate that goes with this key please” and then you need to present that to Let’s Encrypt (maybe via Zero SSL) to get the certificate which matches the chosen key. So if that’s your chosen way forward (or the only way that works) you need to fill out the form to get a CSR with the names you want in it (it will need to say the DNS name or names in it) and then give that to ZeroSSL, and do all that stuff again, which is a pain, sorry.

Sometimes that’s optional, and there is a way to tell the system (here Wordpress) that you’ve got a perfectly good private key and a certificate, (and maybe also some intermediate certificates if it asks for them separately?) and you don’t want to bother with a CSR, let’s get it done. So if that seems to be possible you can just do that.

Finally sometimes systems try to be helpful by having a place to keep your CSR even after it isn’t really needed any more. This feels like keeping the receipt for a bottle of beer you’re already drinking - kind of useless. But usually you can just leave it blank if that’s all that is going on. I don’t think this is your case, but I can’t entirely tell.

leo10 · November 2, 2016, 3:35pm

Thank you for your responnse. I contacted my hosting provider and they’ve told me that:" you don’t need to put the CSR anywhere. This is simply to get the SSL certificate, which you already have" so now I’m facing this problem:

I copied and pasted the private key and the certificate in the SSL section of my hosting control panel.
I didn’t request any CSR nor copied it in the control panel.
If I typed my website in https mode(https://mysite.com) I get an error: Your connection isn’t private and I get the RED lock.
Thanks in advance.

serverco · November 2, 2016, 3:43pm

What’s your domain name ?

leo10 · November 2, 2016, 3:45pm

http://nextlevelupservices.com/

serverco · November 2, 2016, 3:49pm

It’s not using the Let’s Encrypt certificate. YOu are using one for turnkeywebspace.com (your host ? )

leo10 · November 2, 2016, 4:01pm

Yes, you are right, because when I entered the cert and the private key in the control panel I thought it was LE cert now that’s working.

leader · November 2, 2016, 7:50pm

Let’s go through this one by one

I believe when you said “when I type mysite.com it aumatically change to https://mysite.com/” you meant that this is what is happening when you type it into the browser’s URL, not into some fields on ZeroSSL, because ZeroSSL does not append http/https.
If you enter just mysite.com on ZeroSSL, it will automatically ask you whether you want www.mysite.com to be also added to a certificate. Also if you add www.mysite.com, it should ask whether you’d like to have non-www version of the name added too.
You can enter both names (actually up to 100 of those), separated by whitespaces or commas - they will all go to the certificate, but of course you would have to prove your ownership of them all.
The CSR (if it was generated on ZeroSSL) you can use to renew your certificate, but it is not something that control panel normally asks for.
Everything that you need for your control panel is downloadable from the last screen (“Certificate”). As outlined on the same screen, the certificate file contains both your domain certificate and the issuer’s cert - for cPanel you may need to split that in two parts (first one will go into domain certificate input, second one into “CA Bundle” or similar input).

I hope that helps. If you still have questions, please send a message via the form on https://ZeroSSL.com

system · December 2, 2016, 7:50pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.