Configure Let's Encrypt on a new server

I am currently running a web and mail server on a domain and am in the process of moving the services from one machine to another. What I would like to do is set up the new server so that once everything is done, I only have to switch the IP address and have a smooth transition without any interruption (other than DNS propagation delay). Until then, the old server should operate and handle all connections. I already have Let’s Encrypt certificates on the old machine that I manually set up without any server-run tool. This should change on the new server and I would like to use certbot, which should later also handle automatic renewals, which I currently also do entirely by hand. However, if I request a new certificate with certbot on the new server, it wants to verify the domain and of course, it cannot store anything in the server document root or spawn its own server because the domain points to the old IP. Any idea what I can do? The only thing I thought about was mounting the remote filesystem of the old server on the new server and specifying the document root to point to the mapped document root of the old server. Other ideas?

That would work. Using certbot in manual mode to obtain the initial cert, and placing the validation token on your current production server, would work. Using the DNS-01 validator would work. Copying the existing cert/key to the new server would work. There are a few options, as you see.
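The manual-mode option above, with the validation token placed on the current production server, can be scripted through certbot's manual hooks. The script below is an added example, not part of the thread; `OLD_WEBROOT`, the hook path and `example.com` are assumptions, with `OLD_WEBROOT` standing for the old server's document root as reachable from the new machine (for instance the mount mentioned in the question).

```shell
#!/bin/sh
# Added example (not from the thread): hook for certbot's manual HTTP-01 mode.
# certbot exports CERTBOT_TOKEN and CERTBOT_VALIDATION to manual hooks.
# OLD_WEBROOT is an assumed variable: the old server's document root as seen
# from the new server (for example an sshfs mount). Hook path is hypothetical.
#
# certbot certonly --manual --preferred-challenges http \
#   --manual-auth-hook '/usr/local/bin/acme-hook.sh auth' \
#   --manual-cleanup-hook '/usr/local/bin/acme-hook.sh cleanup' \
#   -d example.com

# ACME tokens are base64url; reject anything else so the token can never
# steer the write outside the challenge directory.
valid_token() {
    case "${CERTBOT_TOKEN:-}" in
        ''|*[!A-Za-z0-9_-]*) echo "refusing unexpected token" >&2; return 1 ;;
    esac
}

# Publish the validation string where the CA will fetch it:
# http://<domain>/.well-known/acme-challenge/<token>
place_token() {
    valid_token || return 1
    dir="$1/.well-known/acme-challenge"
    mkdir -p "$dir" || return 1
    printf '%s' "$CERTBOT_VALIDATION" > "$dir/$CERTBOT_TOKEN" || return 1
    chmod 644 "$dir/$CERTBOT_TOKEN"
}

# Remove the challenge file once validation has finished.
remove_token() {
    valid_token || return 1
    rm -f "$1/.well-known/acme-challenge/$CERTBOT_TOKEN"
}

# Dispatch on the argument given in the hook command line; no argument, no action.
case "${1:-}" in
    auth)    place_token  "${OLD_WEBROOT:?set OLD_WEBROOT}" ;;
    cleanup) remove_token "${OLD_WEBROOT:?set OLD_WEBROOT}" ;;
esac
```

Because certbot stores the hooks in the renewal configuration, `certbot renew` reuses them; once DNS points at the new server, `OLD_WEBROOT` has to name that server's own document root instead.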
