Certificate shuffle


#1

I have an Ubuntu 16.04 server running OwnCloud from my house with letsencrypt.
I would like to rename that server to home.example.com, and move the main certificates to a new server at DigitalOcean.

So old setup was like this:
Home - example.com

And the new setup would look like this:
Home - home.example.com
D.O. - example.com

I can’t Google up a set of instructions :frowning:


#2

Hi,

In order to rename your server, please just rename the Apache config (server_name) or nginx… Then change your DNS (IP addresses) & run certbot again.

Thank you


#3

It’s Apache.
So will that delete the old certificates from my home server? I can’t seem to wrap my mind around the mechanism that prevents certificate stealing. How would letsencrypt know the new DO server was allowed to call itself example.com??


#4

Let’s Encrypt uses DNS or HTTP validation to confirm… Hence, if you point the domain to the server, it would pass the validation.

Thank you


#5

Ah, in DNS we trust :smiley:
Thanks @stevenzhu.


#6

Oh… It also needs to pass some tokenlized validation.

(DNS: Add txt record, HTTP: Add tokenlized challenge file)


#7

I’ve never heard of (or used) okenlized validation. But it’s now required? Can you elaborate please?


#8

Sorry… Misspelled…

Tokenlized…

Take a look at this: https://letsencrypt.org/how-it-works/


#9

I read that, but it doesn’t mention adding a dns text record. I don’t understand when that is needed.


#10

It depends on your challenge type. The HTTP-01 challenge requires you to place a specific file with specific contents at .well-known/acme-challenge/ on your web server. The DNS-01 challenge requires you to create a DNS TXT record at _acme-challenge with specific contents.


#11

Ok. I’ll see how it goes. Thanks.

