Let's Encrypt on sites that transition from dev to live sites


#1

Hi all,

One common deployment scenario that I encounter is where, over the course of a few months, I build out a webserver, and then later switch the DNS to the new server to make it live. Usually, as one of the pre-deployment steps, I generate an SSL certificate for the new server (or copy the SSL certificate from the original server to the new server) so when I go live, the cert will already be valid. This way, I don’t have to worry about SSL generation during or after go-live.

From the demos that I’ve seen, it looks like the Let’s Encrypt client requires that the domain be pointed at the server running the client (to verify the domain). This means that it might be difficult to support the above scenario without some period of an invalid certificate.

Is there a recommended approach to use Let’s Encrypt to establish a certificate prior to switching the DNS over to a specific server?


#2

You can use manual confirmation (-a manual) for such cases.
https://github.com/diafygi/letsencrypt-nosudo may also be useful.


#3

You can also copy the certificate, but why not switch the DNS and issue the certificate afterwards if it’s still before launch?


#4

I would recommend copying the old certificate over to the new server before switching the DNS.


#5

Thank you for the feedback.