Recently on several servers we manage came time to renew SSL certificates. This was the first time and painful time.
SSL certificates were taken via GoDaddy’s service and business is really straight forward. I will not speak about first installation of SSL with Apache. This is the info how to renew.
Basically, it should be really easy. Just download new certificate (certificate + bundle) in ZIP file from GoDaddy and extract at the same locations.
But it is not that easy.
The problem lies in PAM file your created back then when you did first installation. This file stores info on your server’s signature, certificate key from GoDaddy (storing all security info + valid dates etc). This means that part of PAM file is obsolete and must be changed with new key from certificate file.
Just open new certificate and do the copy lines between BEGIN and END and paste into old PAM file.
Restarting Apache is next step and checking if everything is fine.
Explanation on what lies in PAM file can be found here.