Today, I finally wanted to issue my already purchased certificate for my main web page (StartSSL’s certificate has expired). I’ve generated a CSR about a month ago, but I didn’t have the time to complete the validation process, so I just left it how it was.

As I finally got around to validate, I received my new public certificates. But, stop. Where did I put my private key when generating the CSR?

Scrolling through my bash history, horror ensued. I’ve done this in /tmp/. For a non-Linux user, that may not sound dangerous (apart from almost no security there), but /tmp/ is cleared on every reboot.

Thanks to the great NameCheap Support (thanks, Anna!) it could be re-issued by a manual approval process.

Lesson learned hard:

  • Take your time for SSL certificates
  • Have your domain-E mail ready
  • Store everything in a secure AND organized place
  • Never store anything but REAL garbage in /tmp/
Advertisements