# Requests

> Generate a Certificate Signing Request (CSR) to send to a third-party Certificate Authority. New tab in cPanel's revamped SSL/TLS interface.

A Certificate Signing Request (CSR) is the file a Certificate Authority asks for when you buy a paid SSL certificate. It contains your public key plus the metadata (domains, organization, contact email) the CA puts into the issued certificate. The Requests tab generates CSRs for you.

Open it from cPanel home → **Security** → **SSL/TLS Certificates** → **Requests**.

<Frame caption="Requests tab with the existing CSRs and the Generate form">
  <img src="https://mintlify.s3.us-west-1.amazonaws.com/noxity/images/cpanel/security-settings/ssl-tls-certificates/requests/listing-light.png" alt="Requests tab listing existing CSRs with the Generate New form below" className="block dark:hidden" />

  <img src="https://mintlify.s3.us-west-1.amazonaws.com/noxity/images/cpanel/security-settings/ssl-tls-certificates/requests/listing-dark.png" alt="Requests tab listing existing CSRs with the Generate New form below" className="hidden dark:block" />
</Frame>

## When you need a CSR

You don't need one for the common case. The free [Wizard](/web-hosting/cpanel/security-settings/ssl-tls-certificates/wizard) flow handles Let's Encrypt CSRs internally and you never see them. Generate a CSR here when:

* You're buying a paid certificate from DigiCert, Sectigo, GoDaddy, Comodo, GeoTrust, or another commercial CA. They'll ask for a CSR before issuing.
* You're getting an Extended Validation (EV) or Organization Validation (OV) cert and need explicit organization fields baked in.
* You're applying for a wildcard cert at a CA that doesn't support automated DNS challenges.

For most sites, AutoSSL and the Wizard are enough; this tab won't come up.

## Generate a CSR

<Steps>
  <Step title="Pick or generate a key">
    From the **Key** dropdown, either generate a new RSA 2048-bit key (the default), or pick an existing key from the [Keys tab](/web-hosting/cpanel/security-settings/ssl-tls-certificates/keys). The CSR is bound to this key; the eventual certificate will only work with the same key.
  </Step>

  <Step title="List the domains">
    One per line. Include every hostname the cert should cover.

    * Bare domain and www: `mybrand.com`, `www.mybrand.com`.
    * Subdomains: each one explicitly.
    * Wildcards: `*.mybrand.com`. Note: many CAs charge more for wildcards or multi-domain (UCC/SAN) certs.
  </Step>

  <Step title="Fill in the organization fields">
    All required by most CAs:

    * **City.** Full name of the city.
    * **State.** Full name of the state or province.
    * **Country.** From the dropdown.
    * **Company.** Legally-registered business name. For an OV/EV cert, this string ends up in the issued certificate as-is and the CA verifies it.
    * **Company Division.** Optional. Department or team.
    * **Email.** A real, monitored address. Some CAs use this for verification.
  </Step>

  <Step title="Add a passphrase (optional, usually skip)">
    Some CAs ask for a CSR passphrase as a second factor. cPanel notes that the passphrase is stored unencrypted in the CSR, so don't reuse a real password. Leave blank unless your CA specifically asks for it.
  </Step>

  <Step title="Add a description (optional)">
    Helps you find this CSR later in the list above the form.
  </Step>

  <Step title="Click Generate">
    cPanel produces the CSR text. Copy the entire block from `-----BEGIN CERTIFICATE REQUEST-----` to `-----END CERTIFICATE REQUEST-----` and paste it into your CA's order form.
  </Step>
</Steps>
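
Before pasting the CSR into the CA's order form, you can check it from any shell with the `openssl` CLI. This is an added example, not part of cPanel or the original page: the file names, the `mybrand.com` values and the passphrase are constructed samples, and the script builds its own throwaway key and CSR so it runs offline.

```bash
#!/usr/bin/env bash
# Added example: checks on a CSR before it goes to the CA (openssl CLI).
# File names, mybrand.com values and the passphrase are constructed samples.

# Public key in PEM form, taken from a private key file or from a CSR.
key_pub() { openssl pkey -in "$1" -pubout 2>/dev/null; }
csr_pub() { openssl req -in "$1" -noout -pubkey 2>/dev/null; }

# Succeeds only when the CSR was generated from this private key.
csr_matches_key() {
  cmk_a=$(csr_pub "$1") && cmk_b=$(key_pub "$2") &&
    [ -n "$cmk_a" ] && [ "$cmk_a" = "$cmk_b" ]
}

# Common Name from the CSR subject (the first domain in the domains list).
csr_common_name() {
  openssl req -in "$1" -noout -subject -nameopt multiline |
    sed -n 's/^ *commonName *= *//p'
}

# Challenge password attribute, if present. It sits in the CSR as plain text.
csr_challenge_password() {
  openssl asn1parse -in "$1" |
    awk -F: '/:challengePassword$/ {found=1; next} found && /prim:/ {print $NF; exit}'
}

# Build a throwaway key, a CSR and an unrelated key in directory $1.
make_sample() {
  cat > "$1/csr.cnf" <<'EOF'
[req]
prompt = no
distinguished_name = dn
attributes = attrs
[dn]
CN = mybrand.com
O = Example Org
[attrs]
challengePassword = not-a-real-password
EOF
  openssl req -new -newkey rsa:2048 -nodes -keyout "$1/site.key" \
    -out "$1/site.csr" -config "$1/csr.cnf" 2>/dev/null
  openssl genrsa -out "$1/other.key" 2048 2>/dev/null
}

demo_dir=$(mktemp -d)
make_sample "$demo_dir"
echo "CN: $(csr_common_name "$demo_dir/site.csr")"
echo "passphrase readable from CSR: $(csr_challenge_password "$demo_dir/site.csr")"
csr_matches_key "$demo_dir/site.csr" "$demo_dir/site.key" && echo "site.key matches"
csr_matches_key "$demo_dir/site.csr" "$demo_dir/other.key" || echo "other.key does not match"
```

The same public-key comparison works on the issued certificate: replace `csr_pub` with `openssl x509 -in issued.crt -noout -pubkey` (`issued.crt` is a placeholder name).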

## After the CA issues the cert

Once the CA validates and signs the cert, they email you a `.crt` file or offer it for download (sometimes as a `.zip` with several files). Bring it back to cPanel:

1. **Upload the cert.** Paste the issued cert body into the [Certificates tab](/web-hosting/cpanel/security-settings/ssl-tls-certificates/certificates).
2. **Install it.** Either click Install from the cert row, or open [Installation](/web-hosting/cpanel/security-settings/ssl-tls-certificates/installation), pick the domain, and let cPanel link the cert to the matching key automatically.
3. **Add the CA bundle if cPanel can't find one.** Most public CAs publish their intermediate chain online and cPanel fetches it. For a private or unusual CA, paste the chain into the **CABUNDLE** field at install time.

## Manage existing CSRs

The list at the top of the page shows every CSR on the account. Most of them are kept around in case you need to retrieve the original CSR text or rebuild from the same key.

Per-CSR actions:

* **View.** Reopen the CSR text. Useful if you need to re-paste it into the CA's order form.
* **Delete.** Remove the CSR from the server. The matching private key in the [Keys tab](/web-hosting/cpanel/security-settings/ssl-tls-certificates/keys) is not deleted automatically; clean it up separately if it was a one-off.

## Common issues

<AccordionGroup>
  <Accordion title="The CA rejected my CSR with 'common name mismatch'">
    The first domain in your domains list is the Common Name. If your cert is for `mybrand.com` but you put `www.mybrand.com` first, some older CA flows reject it. Reorder the list and regenerate.
  </Accordion>

  <Accordion title="CA wants Apache 2.x format, but cPanel uses 'something else'">
    cPanel's CSR is standard PEM. It works with every modern CA. If a CA asks for "Apache 2 format", what they mean is the same PEM block; just paste the whole `-----BEGIN CERTIFICATE REQUEST-----` block.
  </Accordion>

  <Accordion title="I lost the private key after generating the CSR">
    There's no recovery. The CA-issued certificate is unusable without the matching private key. Regenerate everything: new key in [Keys](/web-hosting/cpanel/security-settings/ssl-tls-certificates/keys), new CSR in this tab, contact the CA for a re-issue against the new CSR.
  </Accordion>
</AccordionGroup>

## Need a hand?

<CardGroup cols={2}>
  <Card title="Open a ticket" icon="life-ring" href="https://members.noxity.io/submitticket.php">
    Best for anything that needs an account check or a config change on our end.
  </Card>

  <Card title="Live chat" icon="messages" href="https://noxity.io/contact">
    Faster for quick questions during business hours.
  </Card>
</CardGroup>
