Instructions to regenerate an SSL certificate from GoDaddy and set it up on an EC2 instance running Apache.

regenerate-ssl-godaddy-setup-ec2.md

Documentation: Regenerate SSL Certificate from GoDaddy and Setup on EC2 Instance

This guide provides step-by-step instructions to regenerate an SSL certificate from GoDaddy and set it up on an EC2 instance running Apache.

Prerequisites

• Access to your EC2 instance with root or sudo privileges.
• OpenSSL installed on your EC2 instance.
• An existing domain registered with GoDaddy.
• Apache installed and running on your EC2 instance.

Steps

1. Generate Private Key

Run the following command on your EC2 instance to generate a private key:

sudo openssl genrsa -out yourdomain.key

Example: sudo openssl genrsa -out example.com.key

2. Generate CSR (Certificate Signing Request)

Use the private key to generate a CSR:

sudo openssl req -new -key yourdomain.key -out yourdomain.csr

Example: sudo openssl req -new -key example.com.key -out example.com.csr

This will create a file called yourdomain.csr. Copy its contents.

3. Issue New Certificate from GoDaddy

1. Log in to your GoDaddy account.
2. Navigate to the SSL certificate section.
3. Choose to rekey or regenerate your certificate.
4. Paste the contents of yourdomain.csr into the CSR field.
5. Follow the instructions to issue a new certificate and download the certificate files as a ZIP for Apache.

4. Upload Certificate Files to EC2

1. Unzip the downloaded certificate files.
2. You should have three files:
   • certificate.crt
   • certificate-ca-bundle.crt
   • yourdomain.key (already generated)

5. Update Apache Configuration

Upload the unzipped certificate files to your EC2 instance and place them in /etc/apache2/ssl/. Then, edit the Apache SSL configuration files:

1. Open and replace the contents of server.crt:

   sudo vi /etc/apache2/ssl/server.crt

   Replace with the contents of certificate.crt. during renewal it must be updated with new certificate file (ex af9e43ef1c9cc45e.crt)

2. Open and replace the contents of server-ca.crt:

   sudo vi /etc/apache2/ssl/server-ca.crt

   Replace with the contents of certificate-ca-bundle.crt. during renewal it must be updated with new certificate bundle file (ex gd_bundle-g2-g1.crt)

3. Open and replace the contents of server.key:

   sudo vi /etc/apache2/ssl/server.key

   Replace with the contents of yourdomain.key generated in step 1. It won't be changed for SSL renewals.

6. Update SSL Virtual Host Configuration

Make sure the SSL Virtual Host configuration in /etc/apache2/sites-enabled/default-ssl.conf is as follows:

<IfModule mod_ssl.c>
    <VirtualHost _default_:443>
        Protocols h2 http/1.1
        ServerAdmin webmaster@localhost
        ServerName yourdomain.com
        DocumentRoot /var/www/html/public

        <Directory /var/www/>
            Options Indexes FollowSymLinks
            AllowOverride All
            Require all granted
        </Directory>

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        SSLEngine on

        SSLCertificateFile /etc/apache2/ssl/server.crt
        SSLCertificateKeyFile /etc/apache2/ssl/server.key
        SSLCertificateChainFile /etc/apache2/ssl/server-ca.crt

        <FilesMatch "\.(cgi|shtml|phtml|php)$">
            SSLOptions +StdEnvVars
        </FilesMatch>
        <Directory /usr/lib/cgi-bin>
            SSLOptions +StdEnvVars
        </Directory>
    </VirtualHost>
</IfModule>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

Example: ServerName example.com

7. Restart Apache

Finally, restart the Apache service to apply the changes:

sudo service apache2 restart

Security

Keep all the SSL certificate files (server.crt, server-ca.crt, server.key, and the original yourdomain.key) secure.

By following these steps, you should have successfully regenerated and installed an SSL certificate on your EC2 instance.