Generate a new CSR without removing the existing


Is there a way to generate a new CSR without removing the existing cert within Interworx?

If I’m understanding correctly, I need to delete the private key and CSR so I can generate a new private key and then CSR. During this process the SSL on the site breaks which isn’t ideal when it takes hours to days to get the cert.

If there isn’t a way within Interworx’s UI, is there a way through the CLI or otherwise on the command line?


Interworx has let’s encrypt which is free SSL which is dependent on dns records pointing to the hosting server

This would auto renew before expiry

I do not understand how if using a paid SSL which requires a fresh CSR how it takes days. It should only take around an hour or less depending upon your CA you use and type of SSL

Many thanks


Unfortunately I have one client who pays for their certs. They have some reasonably strict security business practices because of the industry that they’re in so Lets Encrypt doesn’t work for them. Do I think that’s the best – no – but I have no power to change things in this situation.

I need to generate a new private key and CSR, send it to them, and then they need generate it. Yes, this shouldn’t take very long, but it’s still not going to be a couple minutes. Using just the built in methods, the site would show an insecure method during that time.


Many thanks

The simplest way to be sure I would do the following

In siteworx for the domain

Goto ssl and view each, then copy and paste into a text editor and save eg private key view private key and copy and paste into a text editor and save then move onto CSR ssl and chain

Once done instead of view click delete

When all have been deleted, create new private key and create new CSR

Make a copy of them and send your client the CSR for new certificate

Then delete the CSR and private key

Then create new private key but select use your own and copy and paste the original from above and save and do same for CSR ssl and chain

You may have to restart Apache

Or you could try just copying the ssl files as shown in the domain conf file but I prefer above

Then with new ssl arrives delete as above and use new saved private key and CSR then add ssl and chain and restart Apache

Should take less then 5 minutes

Many thanks


That’s the only way that I’ve found as well. Unfortunately, as Apache is restarted after each step, the site goes down for a bit of time, though very long.

It would be really nice if there was a way to generate a new private key and CSR “on the side” and then when the new cert comes in, put those in place along with the cert.

It would also be nice if there was a way to say “don’t restart apache” after each step. Even if I can generate the cert right away, the site is still going to be a broken state for 5+ minutes.

Maybe someone else has a method or idea?


Yes I know interworx have that feature on the roadmap for development in the future

If you have another interworx server, you could create the domain and generate what you need then copy and paste the details over at the time which would not affect the current ssl state

Many thanks


That’s a good idea since the domain doesn’t need to be pointed there to generate the private key & CSR.

You should be able to disable apache restarts for a moment while you do this by adding a prevent-httpd-restart environment flag with:

 touch ~iworx/etc/env/prevent-httpd-restart

This will basically tell InterWorx to skip restarting httpd until the above file is removed. It was originally designed to prevent restarts while folks did a large number of imports, but it should work here too.

Just be ABSOLUTELY sure to remove the file once you are done or you’ll run into issues when apache actually needs to restart (adding accounts, etc.).

Hope that helps!

That’s very helpful! (Both for this and otherwise.)