DRAG DROP [Tools and Code Analysis]

You are a penetration tester reviewing a client’s website through a web browser.

INSTRUCTIONS

Review all components of the website through the browser to determine if vulnerabilities are present. Remediate ONLY the highest vulnerability from either the certificate, source, or cookies.

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

I think the right order to fix the expired cert is:
1. Generate a CSR
2. Submit CSR to CA
3. Install the re-issued cert
4. Remove old certificate.
I saw something similar in practice questions, but not 100 percent sure. Can someone confirm?
Looks like the correct flow is Generate CSR, Submit to CA, Install new cert, then Remove the old one. That's the usual process in official Pentest+ materials and lab sims.
This matches standard PKI cert renewal steps. You can't install before the CA signs off, and you don't want to remove the old one until you're sure the new cert's live. Pretty sure this is right, but open to corrections if I missed something.
I’d go with Remove certificate from server first, then Generate CSR, Submit CSR to CA, and Install re-issued cert. Might be off but figured you’d want to clear old certs before generating a new one. Not 100 percent on this though - could see Step 1 and 4 being flipped.
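The order from the opening post (generate CSR, submit to CA, install, remove old), run end to end with `openssl` as an added example that is not from any poster in this thread. It shows the checks that gate the install step while the old certificate stays in place. The names `example.test` and `Lab CA`, the file names, and the 7-day validity window are assumptions, and a throwaway local CA stands in for the real CA.

```bash
# Added example. Names (example.test, "Lab CA", file names) are constructed;
# the throwaway local CA stands in for the real CA that signs the CSR.
q() { "$@" >/dev/null 2>&1; }   # run quietly, keep the exit status

# Gate for step 3: only install a cert that chains to the CA, matches the
# private key held on the server, and is valid for at least 7 more days.
ready_to_install() {  # usage: ready_to_install CERT KEY CA_CERT
  q openssl verify -CAfile "$3" "$1" || return 1
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
  [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ] || return 1
  q openssl x509 -in "$1" -noout -checkend 604800
}

issue() {  # usage: issue NAME DAYS -> NAME.key, NAME.csr, NAME.crt
  # Step 1: generate a fresh key pair and CSR
  q openssl req -new -newkey rsa:2048 -nodes -keyout "$1.key" \
      -out "$1.csr" -subj "/CN=example.test" || return 1
  # Step 2: the CA signs the CSR (local stand-in CA here)
  q openssl x509 -req -in "$1.csr" -CA ca.crt -CAkey ca.key \
      -CAcreateserial -out "$1.crt" -days "$2"
}

renew_demo() {  # run in an empty working directory
  q openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -out ca.crt \
      -subj "/CN=Lab CA" -days 30 || return 1
  # A 1-day cert plays the part of the certificate that needs replacing
  issue old 1 && cp old.crt live.crt && cp old.key live.key || return 1
  issue new 90 || return 1
  # The new cert paired with the wrong key must be rejected
  ready_to_install new.crt old.key ca.crt && return 1
  # Step 3: install only after the checks pass
  ready_to_install new.crt new.key ca.crt || return 1
  cp new.crt live.crt && cp new.key live.key || return 1
  # Step 4: retire the old certificate once the new one is live
  rm -f old.crt old.key old.csr
  ready_to_install live.crt live.key ca.crt && [ ! -e old.crt ]
}
```
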
