My Installation is container. It isn’t exposed to the internet. I use VPN via OpenVPN to connect in remotely. The SSL is just for the mobile app to work and a few other things (iFrame into Grafana for example). I have a domain, which i’ve created an external DNS A-record to point to a 192.x.x.x IP address and i use an SSL cert on that address. It worked really well previously, but my SSL cert expired and I decided to go with a renew via a cheaper cert from cheapnames.
I created the CSR via a terminal from another container on the same host. I sent it through to cheapnames, and it generated some files (once i’d validated via DNS CNAME):
(the bit in the files I’ve hidden is just my domain name)
Previously, when it was working the files were .cer and .key which i used in my http config to get it all working (i.e. no NGINX proxy or anything - just yet) 
Clearly, i don’t know much about SSL certificates, i tried using the new files in their place, and that didn’t work. Then i read i need to convert the files to CER using openssl via terminal:
openssl pkcs7 -print_certs -in domain-name.p7b -out domain-name.cer
Here’s my log output, created after reboot.
Note the line “Enter PEM pass phrase”.
Any ideas?