This article deals with generating a CSR request and a private key for an SSL certificate. If you want to enable HTTPS automatically on your Webhosting with a Let’s Encrypt certificate, follow the instructions in the article Webhosting – Quick HTTPS Setup.
In this article you will learn:
- How to generate a private key and CSR
- How to generate a certificate
- How to enter a certificate into the Webhosting administration
- Frequently asked questions
Generating a private key and CSR
The first step to generating your own certificate is to generate a private key and submit a CSR (Certificate Signing Request). You can submit this request, for example, via the online CSR Generator ⧉ (external link). Before filling in the form, carefully read the warning instructions.
If you want to generate the private key and CSR yourself, you can use the Linux tool OpenSSL. In the terminal, do the following:
- Generate the private key:
openssl genrsa -out privatni_klic.key 2048 - Generate the CSR request:
openssl req -new -key privatni_klic.key -out CSR_zadost.csr - Fill in the required information without diacritics. The certification authority will verify these details before issuing the certificate. Pay special attention to these items:
- Country Name (2 letter code): Two-letter country code
- State or Province Name (full name): Full name of the country
- Locality Name (eg, city): City name
- Organization Name (eg, company): Full name of a natural person, or the name of an organization
- Common Name (e.g. server FQDN or YOUR name): Website name (domain)
- Email Address: contact e-mail
The system will generate the private key and request and save them in unencrypted files privatni_klic.key and CSR_zadost.csr.
Store the file with the private key in a safe place, ideally on an external drive intended only for this purpose.
Generating a certificate
WEDOS does not offer or mediate certificate issuance (except for the Let’s Encrypt ⧉ certificate).
To secure your websites, we recommend choosing one of the foreign certification authorities. There are also many Czech intermediaries who can help you obtain a certificate, because this is not always a simple and easy-to-understand matter.
Request the certificate for the domain name you use in your website URLs. If the names do not exactly match, the communication will be encrypted, but not trustworthy (the browser will display a warning).
If you need to secure multiple subdomains, request a "wildcard" certificate *.domena.tld.
Multiple domains (aliases) can be secured with a SAN (Subject Alternative Name) certificate.
Deploying the certificate on Webhosting
After obtaining the certificate, enter it into the administration by following these steps:
- Log in to the customer administration ⧉.
- In the top menu, select Hosting Services Webhosting.
- Select the webhosting on which you want to deploy the SSL certificate.
- In the left menu, click HTTPS.
- Select HTTPS with a custom certificate on the domain (SNI).
- Fill in the form with the private key and certificate, both in PEM format. The private key password and certificate chain fields are optional.
- Click the Apply changes button.

Certificate settings typically take effect within 90 minutes.
Frequently asked questions
How do I create a CSR request for a domain and subdomains?
Enter only the domain name in the CSR request. A quality certification authority or intermediary will fill in the certificate details based on the selected variant (wildcard, SAN, …) during verification.