- Reissue CSR and private key. chmod “400” on that private key
openssl req -new -newkey rsa:2048 -nodes -keyout star_tickitforhealth_com_2.key -out foo_new.csr
- Generate new crt package from your SSL issuer using CSR. Munge as required.
- Update nginx config to use new crt package and private key.
- SSL issuer does not know your private key.