I doubt the audience for this post is greater than 1. This is more aide-memoire than Post :-)

I recently had to renew my SSL certificate for the website using 1and1 as the SSL provider (the SSL Certificate is provided with the hosting account).

Try as I might the files generated would not load into the Web Server. There were a couple of things which were required:

1. The Certificate files seemed to require to be changed from .cer files to .crt files. I do not mean they had to be edited – I mean I simply changed the filetype.
2. The Private Key file would not install – indeed the logs suggested it could not be found. The issue was that the file had been generated with a password embedded – making it unreadable to the web server process – and the following OpenSSL command line code resolved the issue:

   openssl rsa -in original_file.key -out working_file.key

When this new file (working_file.key) was used in place of the original file the Web Server loaded once again.

And the website was encrypted..!