Site: US UK AU |

Rekeying your SSL Certificate

How to rekey your SSL certificate

This article show show to rekey SSL certificates with either SSH or, for Nexcess clients, by using SiteWorx.

Regenerating the key from a terminal console 

Attention: All certificates must have at least a 2048-bit key size.
  1. Log in to your server instance using the SSH credentials provided to you in the Nexcess Welcome Email.  
  2. Type the following command at the prompt: openssl req -nodes -newkey rsa:2048 -keyout <newkeyfile.priv.key> -out <newcsrfile.csr>
  3. This command will generate a 2048 bit RSA private key titled newkeyfile.priv.key and a CSR titled newcsrfile.csr.
  4. The following fields must be populated before the certificates are ready, and the private key is regenerated.   
Attention: When prompted for a pass phrase: Do not enter a passphrase for your SSL. We do not require it on our servers. 
  • Country Name: Use the two-letter code without punctuation for country, for example: US or CA.
  • State or Province: Spell out the state completely; do not abbreviate the state or province name, for example: Michigan. 
  • Locality or City: The Locality field is the city or town name, for example: Berkley. Do not abbreviate. For example: Saint Louis, not St. Louis. 
  • Company: If the company or department has an &, @, or any other symbol using the shift key in its name, the symbol must be spelled out or omitted, in order to enroll. For example: XY & Z Corporation would be XYZ Corporation or XY and Z Corporation. 
  • Organizational Unit: This field is optional; but can be used to help identify certificates registered to an organization. The Organizational Unit (OU) field is the name of the department or organization unit making the request. To skip the OU field, click Enter on the keyboard. 
  • Common Name: The Common Name is the Host + Domain Name. For example, 

 A new private key and CSR have been created. Copy and paste the contents of these two documents, newkeyfile.priv.key and newcsrfile.csr into Notepad or a similar text editor.  Attention: Microsoft Word or Apple Pages may insert extra characters, which can alter the contents of the private key and CSR.

If you purchased your certificate through Nexcess, send these two files to, and the Support team will assist in having the SSL rekeyed.  

If you purchased your SSL certificate through a third party provider, send these two files to the certificate provider, and they will assist in having the SSL rekeyed.  

Regenerating the key from the Siteworx control panel

Attention: This method will create some site disruptions in service, until the new SSL certificate is generated and installed.  

Stage 1: Save your SSL records

  1. Log in to your SiteWorx instance.
  2. From the left-side menu, click Hosting Features > Domains > SSL.
  3. Copy all three documents, Private Key, CSR Chain, and SSL separately, and paste them into a document for use later.  
  4. Delete the Private Key, then the CSR and SSL Certificate will be removed.  

Stage 2: Regeneratie your SSL credentials 

  1. Click Setup Private Key.

    SiteWorx SSL Certificates Page: Set Up Private Key

  2. Click Generate, and a Private Key will be created for you. 
Attention: Key Length: only the 2048-bit is accepted.
SiteWorx SSL Certificates Page: Paste or Generate a Private Key

Stage 3: Generate a CSR

  1. In the Manage CSR dialog box, type your company name and location, which should match the information from your previous certificate. 
    Attention: Use caution when specifying a name in the Common Name field. Be aware that does not equal The SSL will display as invalid if the common name does not exactly match your real URL. For assistance, contact our Support Team

    SiteWorx SSL Certificates Page:  Generate or Install a CSR

  2. Click Generate.
  3. If you purchased your certificate through Nexcess, send these two files to so we can assist. If you purchased your SSL certificate through a third-party provider, send these two files to the certificate provider instead.  

Stage 4: Install the old SSL certificate

  1. In order to keep your site secure while the SSL Certificate is regenerating, install the old SSL Certificate so your site will function properly.
  2. Copy the contents of your previously generated private key, chain and CSR, and keep for later use.
  3. Delete the existing contents and replace them with the previously installed Private Key, CSR, and SSL certificate. 

For inquiries or assistance with SSL certificates, contact our Sales Team between 9 a.m. and 5 p.m. eastern time (ET), Monday - Friday.

Article Rating (No Votes)
Rate this article
  • Icon PDFExport to PDF
  • Icon MS-WordExport to MS Word
Attachments Attachments
There are no attachments for this article.
Related Articles RSS Feed
What is SNI?
Added on Tue, Jan 10, 2017
How to enable Let’s Encrypt
Added on Fri, Jul 27, 2018
What is a premium SSL certificate?
Added on Thu, Feb 5, 2015
How to purchase standard SSL certificates
Added on Wed, Feb 14, 2018
How to generate a CSR
Added on Thu, Jun 7, 2018
What are SSL certificates?
Added on Tue, Aug 5, 2014
What is an extended validation (EV) multi-domain SSL certificate?
Added on Thu, Feb 5, 2015
What is a Wildcard SSL certificate?
Added on Tue, Feb 3, 2015
How to generate CSRs in Nexcess Cloud
Added on Thu, Jun 7, 2018
What is a self-signed SSL certificate?
Added on Mon, May 18, 2015