Managing Third Party Security Certificates Estimated Reading Time: 2 Minutes If you are unable to use Ubersmith's built in Let's Encrypt support, you will likely be purchasing a certificate from a third party Certificate Authority (CA). When renewal time arrives for your certificates, updating your security certificates is a fairly straightforward process. Get a New Certificate If you can reuse the key and CSR (certificate signing request) from your previous purchase: Locate the existing certificate file in/usr/local/ubersmith/conf/ssl. Make a backup, then replace it with the new certificate from your CA. If you cannot reuse your key and CSR: Generate a new key‑CSR pair, then order the certificate from your CA. Locate the existing key and certificate in /usr/local/ubersmith/conf/ssl. Back up both files, then replace them with the new key and certificate. Update CA Bundle and Check Configuration If a CA bundle exists in /usr/local/ubersmith/conf/ssl, replace it with the latest bundle from your CA. Verify that the filenames in your Apache configuration match those of your Ubersmith installation. For example: # grep SSLC /usr/local/ubersmith/conf/httpd/sites-enabled/billing.ubersmith.com.conf SSLCertificateFile /var/www/ubersmith_root/conf/ssl/billing.ubersmith.com.pem SSLCertificateKeyFile /var/www/ubersmith_root/conf/ssl/billing.ubersmith.com.key SSLCACertificateFile /var/www/ubersmith_root/conf/ssl/cabundle-billing.ubersmith.com.pem (The path may differ; only the filenames need to match. In this configuration file, the path shown is used inside the web container.) Restart Apache Navigate to the Ubersmith directory:cd /usr/local/ubersmith Enter the web container (Ubersmith 4.x):docker-compose exec web bash or (Ubersmith 5.x):docker compose exec web bash Restart Apache:apachectl restart If Apache fails to start, restore the previous certificate (and key, if applicable) and try again. A failure usually indicates a key‑certificate mismatch or incorrect file formatting.