Once a year I have to go through the SSL renewal/activation process and every time I get frustrated with it. These notes have been written so that when next year roles around and I’ve forgotten the steps again I have an easy process to follow.

Click the link in namecheap that lets you “reissue certificate”

First you need to generate a CSR code (Certificate Signing Request)

Save the csr/private key. I use a note in bitwarden.

Copy the CSR into the reissue form.

DCV method (Domain Control Validation). This is where I always have problems. What I have gotten to work is the email method. To do this I need an email associated with the domain, so I use the namecheap email service with a free trial or purchase it for just one month (ensuring auto renew is off).
Active the email address “admin@domain.tld” (eg admin@monkeymatt.racing) then select that address in the reissue form. (you can also set a catch all address if you don’t use admin).

The email has a code and a link. Follow the link and enter the code which validates that you do indeed own that domain.

Once validated it sends the SSL certificate to the email for your namecheap account

Next we need to go into the EasyWP management dashboard and enter the SSL details. Namecheap -> app -> EasyWP or https://dashboard.easywp.com/

Click through to change SSL, using custom certificate. Paste in the private key from the CSR step, and the SSL crt and bundle you just got from the email.

You might need to click the active toggle and refresh the page.

DONE. Not so tricky after all.

Some instructions here but I needed more specific: https://www.namecheap.com/support/knowledgebase/article.aspx/9874/2287/easywp-how-to-add-ssl-to-your-wordpress-site/