SSL Cert not using MIAB CSR

My issue is that I have a CSR that was generated not using my MIAB box, I can reissue the certificate from my provider or atleast try to using the CSR off my miab, but the issuer will give me an error stating that the country code, and state are wrong which comes from the MIAB CSR.
Is there a way to manually take the CSR, private key and certificate bundle from the provider all seperate from miab and install them on my miab? and doing it manually? I tried a number of ways to edit the files manually and install them including replacing my own csr with the self-signed one, and the private key with my own, but nothing seems to work. Some help would be appreciated.

I am going to ask the obvious question first … what is the reason that you do not want to utilize MiaB’s install of Certbot and have certificate issuance handled automatically and for free?

IMHO that is the absolute best way of handling the certificate.

Now, that asked … what steps have you actually taken that did not work? and what errors/results did you get?

i have already purchased the certificates previously. i replaced the domain.com-selfsigned-20190604.pem with my csr and ssl_private_key.pem with mine. when i rebooted or shutdown i tried both and mailinabox wouldnt startup. it would say the nginx server was down or that it was a bad cert. i have tried reinstalling using the mailinabox command, still not working

If you’re not using the CSR that was provided by MIAB, you’re going to run into errors. The CSRs have to match or they won’t decrypt properly.

As @alento says, it’s MUCH easier to just use Let’s Encrypt included with MIAB, but if you choose to use your own certs, you have to have MIAB give you the CSR to make sure the request from the box and the certificate itself match.

Just confirming … is this a typo? or did you replace the certificate with the csr? If this is the case, then it sounds like you replaced the wrong file.

What you need to do is to put the certificate in the directory /home/user-data/ssl/

BEFORE YOU DO ANY OF THE FOLLOWING MAKE SURE YOU SAVE A COPY OF THE ORIGINAL PRIVATE KEY FILE SO THAT YOU CAN REVERT CHANGES.
(sudo mv ssl_private_key.pem ssl_private_key.pem-original will work)

You will also need to replace the ssl_private_key.pem file with the private key file that corresponds to the certificate.

Let’s assume the certificate file name is: box.mydomain.com-20190702-fff03cc5.pem

You then need to symlink the file ssl_certificate.pem to it.

The symlink should look something like this:

lrwxrwxrwx 1 root root 61 Apr 3 03:02 ssl_certificate.pem → /home/user-data/ssl/box.mydomain.com-20190702-fff03cc5.pem

see below…

so when i try to use the CSR that the box provides with SSLcertificate.com i get the following error
Error

Parsing CSR error.
The following mistakes were found in your CSR-code:

  • Organization cannot be blank. Use “NA” if it is not defined
  • State cannot be blank. Use “NA” if it is not defined
  • Locality (City) cannot be blank

Please generate a new CSR avoiding mistakes that shown above.

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.