SSL renewal, I have generated the CSR from NetScaler-Citrix


Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g., so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: NA

I ran this command: No Command ran. We just generate a CSR and as per our vendor it needs to be forwarded the CSR to Certificate Authority

It produced this output: CSR only

My web server is (include version): NA

The operating system my web server runs on is (include version): NetScaler Appliance run in Unix

My hosting provider, if applicable, is:

I can log in to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

NOTE: Hi Team, Need your help how should I proceed with CSR on renewing the SSL for Let’s Encrypt.

Valid until: Sun, 29 Jul 2018 09:43:05 UTC (expired 1 month and 5 days ago) EXPIRED
Key: RSA 4096 bits (e 65537)
Issuer: Let’s Encrypt Authority X3
Signature algorithm: SHA256withRSA



You could use any web based utilities… Such as or to request a certificate (or renew a certificate)
However, since this is web based, and your cloud would only provide you with csr, you would need to renew it once in 90 days…

Thank you


Hi Stevenzhu,

Appreciate your help. I’ll have this one checked.



Hi Stevenzhu,

Should I still follow these steps? I’m using it seems that it’s required to create a folder for verifications file. So I need to login via putty and access the netscalar-citrix?

Appreciate your help.

  1. Download the following verification files by clicking on each link below
    Download File #1
  2. Create a folder in your domain named “.well-known” if it does not already exist. If you use Windows you may have to add a dot at the end of the folder name in order to create a folder with a dot at the beginning.
  3. Create another folder in your domain under “.well-known” named “acme-challenge” if it does not already exist
    Upload the downloaded files to the “acme-challenge” folder
    4.Verify successful upload by visiting the following links in your browser
  4. If the files do not show random alphanumeric characters or shows an error then recheck that you are uploading in the correct place. Also try viewing the page source (Right-click then click “view page source”) of the above links to make sure nothing else shows up but the verification file contents. If you use IIS then you may have to change your server config so that files without an extension (or the wildcard MIME type) serves as text/plain. Contact your host if you are unsure.
    Click Download SSL Certificate below.


Hi @aseo001rt

you have to do that, if you want to get a certificate.


Somebody figured out how to totally automate things with Citrix Netscaler so you don’t have to manually tend to things every 3 months, though it is a bit more work to set up the first time:


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.