Traditional SSL certificate renewal occurs every year, and yet somehow that proves time and again to be just long enough to forget the process and lose confidence in conducting what should be a simple routine task. Here is a reminder of the step-by-step process of generating the CSR and combining the bundle into a key and cert that we can use for an nginx reverse proxy, or whatever...

Reminder of how to handle the annual SSL cert renewal

# generate a CSR for an ssl cert or renewal
openssl req -new -newkey rsa:2048 -nodes -keyout example.com.key -out example.com.csr

mkdir ssl-example.com

# retain the private key
cp example.com.key ssl-example.com/

# acquire the ZIP package and prepare it for use
unzip STAR.example.com.zip
cp STAR.example.com.crt ssl-example.com/example.com.crt
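# make sure the cert ends with a newline before appending the CA bundle
echo "" >> ssl-example.com/example.com.crt
cat STAR.example.com.ca-bundle >> ssl-example.com/example.com.crt

# write the leaf cert alone as PEM (x509 only reads the first cert in the file)
openssl x509 -in ssl-example.com/example.com.crt -out ssl-example.com/example.com.pem

# to analyze the cert and make sure it looks ok
openssl x509 -in ssl-example.com/example.com.crt -text -noout | less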

zip -r ssl-example.com.zip ssl-example.com/

# the zip contains everything you really need, including the unencrypted private key (-nodes)
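
A pre-deployment check for the files assembled above, added here as an example and not part of the original post: it confirms that the retained private key belongs to the new certificate, counts the certificates in the combined file, and checks remaining validity. The function names are hypothetical, and the sample input is a constructed throwaway key and self-signed cert standing in for example.com.key and the CA-issued example.com.crt.

```shell
#!/bin/sh
# Added example: sanity checks on the key and combined cert before nginx uses them.

# True when the private key ($1) and the first cert in the PEM file ($2)
# carry the same public key. Catches a renewed cert paired with last year's key.
key_matches_cert() {
  kpub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
  cpub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
  [ -n "$kpub" ] && [ "$kpub" = "$cpub" ]
}

# Number of certificates in a PEM file (leaf plus the appended ca-bundle).
cert_count() {
  grep -c -- '-----BEGIN CERTIFICATE-----' "$1"
}

# True when the first cert in $1 is still valid $2 seconds from now.
valid_for() {
  openssl x509 -in "$1" -noout -checkend "$2" >/dev/null 2>&1
}

# Constructed sample input: a throwaway key with a 30-day self-signed cert,
# plus an unrelated key that must NOT match the cert.
make_sample() {
  dir=$1
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=example.com" \
    -keyout "$dir/example.com.key" -out "$dir/example.com.crt" 2>/dev/null
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
    -out "$dir/other.key" 2>/dev/null
}

demo() {
  tmp=$(mktemp -d) && make_sample "$tmp"
  key_matches_cert "$tmp/example.com.key" "$tmp/example.com.crt" && echo "key matches cert"
  key_matches_cert "$tmp/other.key" "$tmp/example.com.crt" || echo "mismatched key rejected"
  echo "certs in file: $(cert_count "$tmp/example.com.crt")"
  valid_for "$tmp/example.com.crt" 86400 && echo "valid for at least one more day"
  rm -rf "$tmp"
}
demo
```

Against the real files, call `key_matches_cert ssl-example.com/example.com.key ssl-example.com/example.com.crt`; a `cert_count` of 1 on the combined file means the ca-bundle was never appended.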
