1cat AddTrustExternalCARoot.crt COMODORSAAddTrustCA.crt COMODORSADomainValidationSecureServerCA.crt >> cert-chain.pem NOTE: This is the inverse of "Creating an SSL Bundle out of Comodo Positive SSL" which seems valid as well. Not sure if it's valid in any order.

Given this list of files given by Comodo 1Root CA Certificate - AddTrustExternalCARoot.crt 2Intermediate CA Certificate - USERTrustRSAAddTrustCA.crt 3Intermediate CA Certificate - SectigoRSADomainValidationSecureServerCA.crt 4Your PositiveSSL Multi-Domain Certificate - 285695299.crt Do the following: 1cat 285695299.crt …

Check a Certificate Signing Request (CSR) 1openssl req -text -noout -verify -in CSR.csr Check a private key 1openssl rsa -in privateKey.key -check Check a certificate 1openssl x509 -in certificate.crt -text -noout Check a PKCS#12 file (.pfx or .p12) 1openssl pkcs12 -info -in keyStore.p12 See …

All the certificates (including Intermediates) should be displayed 1openssl s_client -connect www.google.com:443 Web UI checking possible in https://www.sslshopper.com/ssl-checker.html

Convert a DER file (.crt .cer .der) to PEM 1openssl x509 -inform der -in certificate.cer -out certificate.pem Convert a PEM file to DER 1openssl x509 -outform der -in certificate.pem -out certificate.der Convert a PKCS#12 file (.pfx .p12) containing a private key and certificates to PEM 1openssl pkcs12 -in …

Create san.conf 1[ req ] 2default_bits = 4096 3prompt = no 4encrypt_key = no 5default_md = sha256 6distinguished_name = dn 7req_extensions = req_ext 89[ dn ] 10CN = example.org 11emailAddress = webmaster@example.org 12O = Example Memorial Hospital 13OU = Example Memorial Hospital 14L = Chicago 15ST = Illinois 16C = US …

1www.example.org.crt COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt >> www.example.org-bundle.crt See details in https://helpdesk.ssls.com/hc/en-us/articles/203427642-How-to-install-a-SSL-certificate-on-a-NGINX-server

1openssl x509 -noout -modulus -in certificate.crt | openssl md5 2openssl rsa -noout -modulus -in privateKey.key | openssl md5 3openssl req -noout -modulus -in CSR.csr | openssl md5

It's quite expected that certificate won't renew as the automation has been broken. What you can do is install the apache version of certbot 1yum install python-certbot-apache and re-issue the certificate 1sudo certbot --apache -d www.example.org

1openssl x509 -x509toreq -in certificate.crt -out CSR.csr -signkey privateKey.key