I would like to move my web site ( https://eax.me/ ) from shared hosting to DigitalOcean and use Let’s Encrypt instead of my current CA, Thawte. I already used Let’s Encrypt, but only for sites that didn’t have TLS before. It is my understanding that I have to do something like this:
1. Deploy an unencrypted copy of my website at DO
2. Edit DNS record
3. When the website is moved to DO, configure Let’s Encrypt as usual
The only thing that bothers me in this scenario is that for some time users who find my website in Google will see “Connection refused” since there is no TLS yet.
Is there some way to avoid this situation? Maybe anything else I should consider? E.g. will users see any warning regarding sudden certificate change?
This isn’t a good idea. You would break your current https.
One option: There are “pure online clients”. So if you can create a directory /.well-known/acme-challenge/ on your current hosting and save a file there (given by the online client), you can create a certificate with your current hosting environment. Then you can install a web server, install this certificate and copy the content.
Second option: Do you have the private key of your current certificate? Then you can use the old certificate with your new hosting and create a Let’s Encrypt certificate later.
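A pre-cutover check for the second option above, as an added example that is not part of the original thread: before changing DNS, confirm that the private key you copied actually belongs to the certificate and that the certificate will stay valid long enough to finish the move. The function name, the file arguments and the 14-day default are assumptions; the key is assumed to be an unencrypted PEM file.

```bash
#!/bin/sh
# Added example: verify an existing certificate/key pair before installing
# it on the new server. Only standard openssl subcommands are used.
#
# Usage:   check_cert_for_move CERT.pem KEY.pem [MIN_DAYS]
# Returns: 0 = safe to install
#          1 = private key does not match the certificate
#          2 = certificate expires within MIN_DAYS (default 14, an assumption)
#          3 = a file is missing or cannot be parsed
check_cert_for_move() {
    ccm_cert=$1
    ccm_key=$2
    ccm_days=${3:-14}

    if [ ! -r "$ccm_cert" ] || [ ! -r "$ccm_key" ]; then
        echo "unreadable certificate or key file"
        return 3
    fi

    # Public key embedded in the certificate (PEM SubjectPublicKeyInfo).
    ccm_cert_pub=$(openssl x509 -in "$ccm_cert" -noout -pubkey 2>/dev/null) || {
        echo "cannot parse certificate"; return 3; }
    # Public key derived from the private key, in the same encoding.
    ccm_key_pub=$(openssl pkey -in "$ccm_key" -pubout 2>/dev/null) || {
        echo "cannot parse private key"; return 3; }
    if [ -z "$ccm_cert_pub" ] || [ -z "$ccm_key_pub" ]; then
        echo "empty public key"
        return 3
    fi

    # A web server will refuse to start (or serve a broken handshake)
    # if these two differ.
    if [ "$ccm_cert_pub" != "$ccm_key_pub" ]; then
        echo "private key does not match certificate"
        return 1
    fi

    # -checkend exits non-zero if the cert expires within the given seconds.
    if ! openssl x509 -in "$ccm_cert" -noout \
            -checkend $((ccm_days * 86400)) >/dev/null 2>&1; then
        echo "certificate expires within $ccm_days days"
        return 2
    fi

    echo "ok: key matches and certificate is valid for at least $ccm_days more days"
    return 0
}
```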