Certificate shuffle

I have an Ubuntu 16.04 server running OwnCloud from my house with letsencrypt.
I would like to rename that server to home.example.com, and move the main certificates to a new server at DigitalOcean.

So old setup was like this:
Home - example.com

And the new setup would look like this:
Home - home.example.com
D.O. - example.com

I can’t Google up a set of instructions :frowning:

Hi,

In order to rename your server, please just rename the Apache config (server_name) or nginx… Then change your DNS (IP addresses) & run certbot again.

Thank you


It’s Apache.
So will that delete the old certificates from my home server? I can’t seem to wrap my mind around the mechanism that prevents certificate stealing. How would letsencrypt know the new DO server was allowed to call itself example.com??

Let's Encrypt uses DNS or HTTP validation to confirm... Hence if you point the domain to the server, it would pass the validation.

Thank you


Ah, in DNS we trust :smiley:
Thanks @stevenzhu.

Oh… It also needs to pass some tokenlized validation.

(DNS: Add TXT record, HTTP: Add tokenlized challenge file)

I’ve never heard of (or used) okenlized validation. But it’s now required? Can you elaborate please?

Sorry… Misspelled…

Tokenlized…

Take a look at this: https://letsencrypt.org/how-it-works/

I read that, but it doesn’t mention adding a dns text record. I don’t understand when that is needed.

It depends on your challenge type. The HTTP-01 challenge requires you to place a specific file with specific contents at .well-known/acme-challenge/ on your web server. The DNS-01 challenge requires you to create a DNS TXT record at _acme-challenge with specific contents.


Ok. I’ll see how it goes. thanks.
