Migrating website in order to upgrade due to major upgrade - moving current letsencrypt

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: www.cefofkansas.com

I ran this command:
I created duplicate website (used latest Ubuntu upgrade 20.04. - old website was Ubuntu 16.04)
Copied html folder contents to new website
Copied etc/letsencrypt folder over to new website (same webserver provider. It was just a huge upgrade).
Installed Certbot using snap for Ubuntu 20.04
Copied cron.d over from old website to new.
Tested contents of new website for functionality
Changed DNS to point to new IP Address
I have restarted the server.
Certbot dry run is successful
DNS is pointing to the new IP Address
Cleared browser cache (as cached old website was showing up with no css, so wanted to be sure of what I was actually seeing)
Created VirtualHost record because I forgot to copy it from old website (used this example for IPv6: core - Apache HTTP Server Version 2.4)
Able to connect to HTTP
Not able to connect to HTTPS
I tried with ufw enabled and disabled
ufw was allowing port 80 and port 443 and Apache Full

It produced this output: Unable to connect to server message when entering https url for website, but http works.

My web server is (include version): Apache2

The operating system my web server runs on is (include version): Ubuntu 20.04 LTS

My hosting provider, if applicable, is: Digital Ocean

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): Certbot 1.18.0

1 Like

Hi @progress and Welcome back to the community!
I'd start with opening your port 443.

PORT    STATE  SERVICE
22/tcp  open   ssh
80/tcp  open   http
443/tcp closed https

See how that works for you and we can help debug further if necessary.
Migrations can be tricky business.

5 Likes

Thank you, much appreciated! I think I have opened port 443 now, but HTTPS is still not working.

2 Likes

That is good, but is Apache listening on 443 (ssl)?
Please show:
sudo netstat -pant | grep -Ei 'apache|:80|:443'
sudo apachectl -S

5 Likes

Thanks. I do not think that Apache is listening on 443. Hopefully the screenshots upload?


Since the above, I have added the following. Your help is much appreciated.
Screen Shot 2021-08-11 at 4.52.06 PM

2 Likes

Well, yes, it seems that in your creating a duplicate website, you overlooked the Apache directory.

Do you still have access to the old website?
If so, you should also copy the contents of the Apache directory:
/etc/apache2
If not, then you might be better off using the certbot install feature to have it create the TLS secured vhost config.

5 Likes

Thanks!! I saved a snapshot, but unfortunately, since it was Ubuntu 16.04 it seems like I am not able to go back further than 18.04.

So, thanks very much for your recommendation since I cannot access the snapshot. I will work on that.

3 Likes

Thanks very much. I have managed to solve this, thanks for all the help.

In case this helps someone in the future, when migrating a website in order to upgrade and keep an existing ssl certificate, not only do you need to copy /etc/letsencrypt, but /etc/apache2 is needed also.

I thankfully had another website from which I was able to retrieve the /etc/apache2 info and then just change the relevant info. It turns out that the reason port 443 was not listening was an invalid virtual host for 443. There was info in the mods-enabled and/or mods-available folders that I did not have, since I was concentrating on the virtual host 80 and virtual host 443 files. The virtual host 443 must have had an invalid command due to one or more mods that were not there.

So, as you mentioned above, it is important to also copy /etc/apache2!

Very grateful for all the help.

2 Likes

That's excellent news; glad to hear it!
Cheers from Miami :beers:

#FreeCuba

4 Likes

One more thing: To the person reading this thread in the future who also does not understand virtual host settings for letsencrypt and did not save the entire /etc/apache2 and /etc/letsencrypt ... please don't copy my incorrect virtual host for port 80 and 443 above. The virtual host code also relies on files in other folders, including mods-available/mods-enabled (even though those "appeared" to be irrelevant, they now make much more sense). So, copying virtual host info without all the pieces that go with it won't necessarily help. (You need everything in that /etc/apache2 folder.) It was a time-consuming lesson I learnt, but I now know a little more about letsencrypt and port 443. Thanks!!

Hope this saves someone else some pain in the future.

It really is a very simple and straightforward job if only you save the needed files. Thanks again to @rg305 and @rip.

3 Likes
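A check for the failure this thread ends on (a copied 443 virtual host whose modules and certificate files did not come with it), as an added example that is not part of the original posts. The function names, the optional root prefix and the `example.test` domain are hypothetical; it assumes the Ubuntu layout, where `ports.conf` only has `Listen 443` inside `<IfModule ssl_module>`.

```shell
#!/usr/bin/env bash
# check_https_vhost APACHE_DIR VHOST_FILE [ROOT]   (hypothetical helper)
# Prints one line per problem and returns the number of problems found.
# ROOT is an optional prefix for absolute paths, so a copied tree can be checked offline.
check_https_vhost() {
    local apache_dir="$1" vhost="$2" root="${3:-}" problems=0 directive path
    # Without mod_ssl the SSL* directives are invalid commands, and on Ubuntu
    # the Listen 443 line in ports.conf is skipped, so the port stays closed.
    if [ ! -e "$apache_dir/mods-enabled/ssl.load" ]; then
        echo "mod_ssl is not enabled: mods-enabled/ssl.load is missing"
        problems=$((problems + 1))
    fi
    if ! grep -Eqs '^[[:space:]]*Listen[[:space:]]+([^[:space:]]+:)?443([[:space:]]|$)' \
            "$apache_dir/ports.conf"; then
        echo "ports.conf has no Listen directive for 443"
        problems=$((problems + 1))
    fi
    # Literal paths only; wildcard Include patterns are not expanded here.
    while read -r directive path _; do
        case $directive in
            SSLCertificateFile|SSLCertificateKeyFile|Include) ;;
            *) continue ;;
        esac
        # -e follows symlinks, so a dangling /etc/letsencrypt/live link counts as missing
        if [ ! -e "$root$path" ]; then
            echo "$directive points at a missing file: $path"
            problems=$((problems + 1))
        fi
    done < "$vhost"
    return "$problems"
}
# Constructed sample: a 443 vhost copied to a fresh host where mod_ssl was never
# enabled and only part of /etc/letsencrypt arrived.
make_sample_tree() {
    local t; t=$(mktemp -d)
    mkdir -p "$t/etc/apache2/mods-enabled" "$t/etc/apache2/sites-enabled" \
             "$t/etc/letsencrypt/live/example.test"
    printf 'Listen 80\n' > "$t/etc/apache2/ports.conf"
    touch "$t/etc/letsencrypt/live/example.test/fullchain.pem"
    cat > "$t/etc/apache2/sites-enabled/example-ssl.conf" <<'EOF'
<VirtualHost *:443>
    SSLCertificateFile /etc/letsencrypt/live/example.test/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/example.test/privkey.pem
    Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
EOF
    echo "$t"
}
# Run against a real host by passing APACHE_DIR and VHOST_FILE as arguments.
[ "$#" -lt 2 ] || check_https_vhost "$@"
```

On a live server, `sudo apachectl configtest` remains the authoritative syntax check; this only covers the pieces the thread found missing.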
