For a new domain on a new clean (bare metal) server I created the CSR and private key. I ordered the certificate from Geotrust and installed the certificate and CA-certificates.
I've done this dozens of times. And normaly this would be enough for the domain to work on https. Not this time...