Changing hosts - but no access to the /etc

I’ve seen lots of posts about moving Let’s Encrypt when you’re changing hosts, but all of them require you to access the /etc folder to obtain the files and move them over. I don’t have that option.

I have a website client who is in the fun situation where “a friend hosts us for free”. They’ve realized the mass limitations of such an arragement, and decided to move to a hosting account of their own. The thing is, their “friend” has only given me limited access to what I can do, and half of the access he thinks he’s given me doesn’t work (I don’t have time to train someone to give me the access I need, especially when that someone fights me every step of the way because they think I’m trying to steal something.)

The “friend” is on Dreamhost. They also got a new Let’s Encrypt certificate for the domain (purchased through Dreamhost) about a month ago. I moved their site to SiteGround yesterday (which also allows for Let’s Encrypt). The domain doesn’t expire for almost a year, so they’re going to leave it at Dreamhost until about March, where they’ll move the registration elsewhere. I’m changing the DNS records tomorrow to point away from Dreamhost to the new Siteground nameservers. I have full access to everything at Siteground, but only access to public_html at Dreamhost.

My question is: what is the best way to handle this? If I change the nameservers to point to Siteground, but leave the domain name (and Let’s Encrypt) at Dreamhost, how do I get it to continue working? Will just popping something into .htaccess work? Do I need to issue a new certificate? (I hope not, because I can’t.) Keep in mind I will get NO help from the “friend” who helped them in the first place, so if he needs to do something to make this work, it won’t happen. He’s already made that clear.

Any advice for me?

It's usually not required. If you want or need the exact private key, yes. But there's usually no reason you can't just create a new certificate. Indeed, it's often easier.

(The only reasons I can think of are dangerous usage of HPKP, usage of non-browser clients that don't validate certificates normally and prompt the user when the key changes, or because someone's recently issued a lot of certificates and hit the rate limits for a week.)

I'm not sure exactly how DreamHost's Let's Encrypt integration works. It's likely they don't allow private key export, since it would take time to write the feature, and people rarely need it. It's possible that, for security reasons, they can't allow it.

It wasn't purchased, exactly. Let's Encrypt is free, and DreamHost doesn't charge extra to use it. Y'all could be paying DreamHost for unique IPs (for compatibility with extremely old clients), but not the certificates.

A lot of this depends on the tooling available at DreamHost and SiteGround. Most things are possible in theory, fewer of them are implemented in practice. And I don't know much about either company's tools, so I'm not well qualified to answer this.

The domain registrar (DreamHost) isn't important. What matters more are the DNS and HTTP hosting (also DreamHost, for now).

You should be able to issue a new certificate, if only manually, using a client on your PC or one of the browser-based clients, and then upload the certificate and key to SiteGround. (You can switch to a more automated configuration after the migration.)

You have access to upload files, right? HTTP-01 validation just requires creating a special file in /.well-known/acme-challenge/ on the website.

If you can edit the .htaccess, or DNS records, more possibilities open up, but they're probably not necessary, or supported by SiteGround.

The big questions are how much your access to DreamHost is restricted, and what features SiteGround supports to onboard new sites.

In the worst case scenario, you can cut over to SiteGround without SSL support, and set it up immediately afterwards. You should suffer only a few minutes of HTTPS downtime.

1 Like

I meant the domain name was purchased through Dreamhost - that’s the current registrar :slight_smile:

Thank you so much for the info! I appreciate it. We’ll see how it goes, I guess!

1 Like

Oh! I misread you.

Good luck. :smile:

Okay, further questions (and right now BOY am I glad the client is on the other side of the country, because this is buying me a couple of hours LOL)

I revoked the Let’s Encrypt certificate on Dreamhost (the registrar for the domain name). I changed the nameservers to point to Siteground.

The DNS has propagated to Siteground everywhere already, but it’s still pulling the site up on Dreamhost. (for the life of me, I can’t figure that one out.)

So I need to re-create the Let’s Encrypt on Siteground or Dreamhost? I’m not sure where that needs to be activated. I can do it on either one, (for now it’s on Siteground, but I’m getting a “Danger Will Robinson!” error when I visite the https:// version of the site, and the http:// version is still pointing to Dreamhost. Should I have just re-installed the certificate on Dreamhost? (again, the site files are hosted on Siteground now - the only involvement Dreamhost should have at this point is they are the current domain registrar)

It seems to be I’ve done it correctly (i.e removed the certificate from Dreamhost, and activated it on Siteground), but the site is still pointing to Dreamhost even though all the DNS checks say it’s propagated to Siteground. (I have cleared my cache)

Changing the delegation of name servers and changing the address records of a domain are two different things. You could also change delegation but keep the same address configuration for the domain. The only question is: what ip address does the domain now point to? If you'd mention the name here, one could identify the problem better.

1 Like

I’ve got it sorted. It’s my computer :smiley: I’ve checked it on 3 different computers in this house (and a couple of friends on other parts of the country have done it as well) and something in my computer or router is hanging onto Dreamhost. Everyone else is seeing what they should :slight_smile: So thank you!

In case anyone else comes across this message in the future, it worked. The steps I took (just to be clear) was a) deactivate Let’s Encrypt at Dreamhost. b) Change the nameservers to point to Siteground. c) logged into Siteground and activated Let’s Encrypt there.

Site is now working like it should (everywhere my my own laptop, apparently LOL)

I REALLY appreciate the help you guys gave me! Thank you so much.

Oh, i should also mention (in case anyone else comes along again) that shutting down my computer, resetting my router, and booting my computer back up fixed the caching issue for me - it works on my computer now. You know, just in case anyone else has the issue.

In case you run into this again, flushing your computer’s dns cache would probably have fixed that as well, as the issue was likely stale cached records. On Windows you can do this by opening a command prompt and entering ipconfig /flushdns.

1 Like

Thank you! I’ve never done that before, actually - didn’t even think about it, but you’re right.

I’m on a Mac though, so sudo killall -HUP mDNSResponder on OSX Sierra is what works for that :slight_smile:

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.