Exchange SSL - Change in Public IP - ISP

Hello All - I have been using Let's Encrypt SSL since Jun 2020. The auto renewal is working fine. Very happy with the SSL Certificate working. No issue so far.

I upgraded my internet service with my ISP last week. I will be receiving a new modem/router on Wed. The public IP will change once the new service is activated. How will this affect Let's Encrypt auto renewal? I know how to change the public IP at GoDaddy and the other configuration for mail flow. Just worried about Let's Encrypt auto renewal. Appreciate your help.

The current public IP is 99.xxx.xxx.xxx - I will know the new public IP address on Wed. Please note there is no change to the domain name.

Thanks

Ram

My domain is: ramlan.ca


Since your Let's Encrypt certificate does not contain any information about your current IP address, you don't have to worry about immediately renewing it when your IP changes. The certificate you already have will continue to work no matter what your IP address is.

Changing the public IP in DNS with GoDaddy is the correct first step. You mentioned getting a new modem/router. I'm guessing you originally set up a NAT port forward for port 80/443 to let HTTP/HTTPS requests reach your webserver. Make sure any port forwards from the old router are migrated to the new one.

Theoretically, that should be it. As long as your web server can reach the Let's Encrypt servers, and the Let's Encrypt servers can reach your web server on HTTP port 80 (assuming you use HTTP challenges), the renewal process should continue working.

3 Likes

Thanks for your reply, mbolger.

Yes, I have made a note of all the ports configured for port forwarding. I will reconfigure them on the new modem/router next week.

Plan of action

  1. Change public IP at GoDaddy
  2. Configure port forwarding on the new modem/router
  3. Open mxtoolbox link to test mail server
  4. Run remote connectivity analyzer
  5. Perform test email

2 Likes

And of course you should then monitor the renewal of the cert; in general this will just be a manual check when you think the cert should have already renewed.

As an aside, my Certify The Web app has support for a bunch of external certificate management tools (win-acme, Posh-ACME, Certbot) and can provide a quick visual reference to see when each certificate last renewed (you just open the app and it will find the config for each if you have it, read only). Alternatively, each ACME tool usually has its own way of checking renewals.

Thanks for your reply.

Yesterday, I received the Rogers Ignite Technicolor CGM4331COM gateway router. This new model router has a few drawbacks - cannot disable DHCP and cannot use Windows DNS server. As a result the entire home lab is broken. I will have to rebuild the lab after I get another router with WAN and LAN ports, so I can enable bridge mode on the new Rogers Ignite modem and route the traffic through my router.

Not sure what will happen to the Let's Encrypt SSL certificate that was issued to Exchange Server 2019. As of now Exchange Server 2019 is DOWN due to the change in private and public IP address within the lab.

1 Like

Nothing happens to a certificate when an IP changes.
Certificates are bound to FQDNs, or wildcards, and they have a usage life (start and end date).
Global DNS determines where those names are (now), and thus where those certs can be used.
Global calendar (clock) determines when that cert can be used (trusted).

3 Likes
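An added example (not code from any poster in this thread) of the checks the replies above describe: the certificate names DNS hosts rather than an IP, DNS must point at the new public address, port 80 must be reachable for HTTP challenges, and the validity dates show whether renewal has happened. The hostname, IP addresses, sample certificate dates and the 30-day renewal window are assumptions chosen for illustration.

```python
import socket
import ssl
from datetime import datetime, timedelta, timezone

# Constructed sample in the shape returned by ssl.SSLSocket.getpeercert();
# names and dates are illustrative, not taken from a real certificate.
SAMPLE_CERT = {
    "notBefore": "Nov  7 10:00:00 2020 GMT",
    "notAfter": "Feb  5 10:00:00 2021 GMT",
    "subjectAltName": (("DNS", "mail.example.com"), ("DNS", "autodiscover.example.com")),
}

def _when(text):
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(text), timezone.utc)

def cert_summary(cert, now, renew_before_days=30):
    """What the cert is bound to, and whether renewal looks overdue (assumed window)."""
    not_before, not_after = _when(cert["notBefore"]), _when(cert["notAfter"])
    sans = cert.get("subjectAltName", ())
    return {
        "dns_names": [v for k, v in sans if k == "DNS"],
        "ip_sans": [v for k, v in sans if k == "IP Address"],  # empty: no IP in the cert
        "days_left": (not_after - now).days,
        "valid_now": not_before <= now <= not_after,
        "renewal_overdue": now > not_after - timedelta(days=renew_before_days),
    }

def dns_points_to(hostname, expected_ip, resolver=socket.getaddrinfo):
    """True when the public A records are exactly the new public IP."""
    infos = resolver(hostname, 80, socket.AF_INET, socket.SOCK_STREAM)
    addrs = {info[4][0] for info in infos}
    return addrs == {expected_ip}, addrs

def port_open(host, port, timeout=5):
    """TCP reachability; run from outside the LAN to test the new port forwards."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def fetch_cert(hostname, port=443, timeout=5):
    """Fetch the live certificate (verified against the system trust store)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((hostname, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
            return tls.getpeercert()

if __name__ == "__main__":
    # Offline demo on the constructed sample; swap in fetch_cert("your.host") live.
    print(cert_summary(SAMPLE_CERT, datetime(2021, 1, 10, tzinfo=timezone.utc)))
```

For a live check, pass the result of `fetch_cert()` to `cert_summary()` with `datetime.now(timezone.utc)`, and run `port_open(host, 80)` from a machine outside the home network.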

Define "DOWN"? If you have the same Exchange server it will still have the same certificate, unless you bound the certificate directly to the (old) specific IP. In general make sure bindings in IIS use "All Unassigned" for IP and use SNI (with hostname set in the https binding).

2 Likes

Thanks for your reply. In the process of rebuilding the lab. Will update this post on the status of the SSL cert.

1 Like

Thanks for your reply, @webprofusion

In the process of rebuilding the home lab. I will be using the same Exchange server name (EX2019) and no change to the domain name (ramlan.ca). I will make sure IIS bindings are properly configured.

2 Likes

Thanks to everyone who responded to this Q.

I did not rebuild the lab. Just enabled bridging mode on the Rogers modem and used a TP-Link modem to reconfigure the lab. Now the mail is flowing and I am back. DHCP Server and Win Server working. All in all everything is working as it was before.

I even checked whether the certificate (SSL) was renewed, and it was, on 7th Nov.

Thanks

Ram

1 Like
