Long time I didn't bother you with my questions, so here we go:
According to this previous topic of mine:
So I will regenerate certificates on my new server. But the problem is, as long as my migration isn't active, I use temporary subdomains to test my new server: for example, the current production server is accessed through app.mydomain.com, and my test / future server is accessed through app2.mydomain.com. So, how can I generate a certificate for my real domain name (app.mydomain.com) on my new server, as long as it's in test? I would like to have them well configured BEFORE changing DNS ...
Thanks for your help.
1. Point both names to production IP - (Public DNS change).
2. Generate one cert with both names on the production system.
3. Copy the new production cert files to test server.
4. Point the test name back to the test IP - (Public DNS change).
Note: low DNS TTL would help expedite the process
Thanks for this answer, but if you take a look at the older thread I mention in my first post, the idea of copying files, although it was my first thought, seems not to be a good idea …
So, should I take this option anyway? Or is there a way to generate certificates for domains on servers which the domain doesn’t redirect to (an option which would surprise me, to tell the truth)?
If you could authenticate via DNS you could essentially be completely offline.
Not sure how to make that happen, but it sounds possible.
Yes, use the DNS-01 challenge, perhaps with acme.sh.
This can generate certificates on any system that’s capable of changing the DNS records for the certificates’ subject domain names, regardless of whether the DNS records point at that system or whether the subject names currently even point at any server at all.
Here, we are WAY above my capabilities on this topic. By the way, my DNS is managed by the hoster, not directly on my server, so I think, even if I had the technical skills to do so, I couldn’t use your solution while (if I understood your answer, of course) my server doesn’t manage its own DNS records, right?
I really think I’ll make it using rsync or something like this.
Well, some people have APIs provided by the hosting provider or domain registrar for updating DNS records. acme.sh has support for many of the most common APIs that can do this. But that definitely doesn’t apply to everyone’s situation.
Thx very much for your help. One day (or another), I’ll dive into all of this, but first things first, I actually made it with a simple rsync command.
Have a nice day, looking forward to coming back here to have a little talk.