How do I install SSL? No Key or CA, Only CRT

Question

I have a VPS with Apache2.

I have installed SSL before in my websites, but always form freeSSL or ZeroSSL, they give me 3 files:

Private.key

ca_bundle.crt

certificate.crt

I replace them for the old ones and all is peachy (I configured it once and just replace the files on reactivation).

Now I have issued a year long SSL service from Comodo SSL, and they send me a mail with this information:

"Thank you for placing your order. We are pleased to announce that your PositiveSSL Certificate for * has been issued.

Attached to this email you should find a .zip file containing:

Root CA Certificate - AAACertificateServices.crt

Intermediate CA Certificate - USERTrustRSAAAACA.crt

Intermediate CA Certificate - SectigoRSADomainValidationSecureServerCA.crt

Your PositiveSSL Certificate - ***.crt

You can also find your PositiveSSL Certificate for ** in text format at the bottom of this email."

And I really have no Idea what to do... I tried Google but can't find any guide, they talk about CSR or other things and I just want to install this and forget about it for a year like I did before for 90 days... Please help me, I need to have SSL running for my Magento 2 installation to work.

Answer 1

To use a certificate you need the certificate file itself (.crt) AND the key file (.key) ( Extensions may vary but, as you know, on linux it doesn't matter): if you're missing one of these, you're pretty much screwed.

To get a certificate, the following steps are necessary:

• a key file needs to be generated
• from the key file a CSR is generated
• the CSR is signed by a CA (for you it's Comodo) and the result is the certificate file

The key file and the csr can be generate by you (who are requesting the new certificate) or (in this case) by Comodo during the procedure you followed. According to what you wrote, probably, during the procedure you've been asked to provide a key or let them generate one and you picked the 2nd option.

I've never used Comodo so I don't know how their interface works but IMHO you have 2 options: login with your account and look for an area where you can download the certificate and check for the possibility to download the key too OR contact them and ask for support to download the key file.

There is no way to use the certificate file without a key file.