I would like to move my web site ( https://eax.me/ ) from shared hosting to DigitalOcean and use Let’s Encrypt instead of my current CA, Thawte. I already used Let’s Encrypt, but only for sites that didn’t have TLS before. It is my understanding that I have to do something like this:
- Deploy an unencrypted copy of my website at DO
- Edit DNS record
- When the website is moved to DO, configure Let’s Encrypt as usual
The only thing that bothers me in this scenario is that for some time users who find my website in Google will see “Connection refused” since there is no TLS yet.
Is there some way to avoid this situation? Maybe anything else I should consider? E.g. will users see any warning regarding sudden certificate change?