The operating system my web server runs on is (include version): ubuntu 18.04
My hosting provider, if applicable, is: ovh
I can login to a root shell on my machine (yes or no, or I don’t know): yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): Current one yes, new one no.
Hi,
I’ll be migrating a new version of a website from one server to another one. The current one is managed by plesk, the new one has been installed and configured by myself. I need to migrate the https certificates from the current one to the new one(I saw some topics here but i have some more questions).
Can i just do the install procedure of certbot directly on the new machine and then redirect the domain name to the new server ? Will that work fine without creating any conflicts with the old one ? I’m concerned about this to ensure users don’t get error messages.
P.s. The current server does not have a /etc/letsencrypt. I suppose this comes from an alternate installation method from plesk.
there is one problem: If you use http - 01 - validation, your dns A entry yourdomain -> your-ip must point to the new server. So users don't see a certificate.
You can do another thing.
To create the first certificate on your new server, use --manual and --preferred-challenges dns. So the A-record is irrelevant. In 50 - 60 days, change that to --preferred-challenges http.
Using dns-01 - validation you have to create two dns txt entries
PS: You can also use the http 01 validation with the manual-option. And you can upload the validation file to your old server into /.well-known/acme-challenge.
The last idea: Find the public key and the private key in your existing plesk installation and copy these two files to your new server. Then you don't need a Letsencrypt client today.
You mean, if i first redirect my domain name first, from the old one to the new one and then do the installation of certbot this will work ?
Else, for the last idea, what does the public and private keys names look like ? This might be my easiest option ?
I actually got these in my nginx vhost file :
ssl_certificate /opt/…ates/cert-46ht9T;
ssl_certificate_key /opt/…ates/cert-46ht9T;
ssl_client_certificate /opt/…ates/cert-Bc5YeY;
Are these the files i have to copy @JuergenAuer ?
You can do it. But if Certbot fails, your users don't have a certificate. So you risk a downtime.
Yes, it's the easiest option. Because you can use the same certificate with different servers. And your current certificate is valide. But Plesk has it's own names. This
looks good. The ssl_certificate_key should be your private key. The "ssl_certificate" should be your public key.
Copy this file to windows and save it with the .crt - file extension. Then you should be able to open it - and see your valide certificate.
Now if i copy these to the new server in /etc/letsencrypt it would be ok ?
Or should i preferably use the ones declared in the nginx vhost (ssl_certificate /opt/…ates/cert-46ht9T;) ?
Ah and another question. I just copied the files over. Does it matter if i install certbot before or after i make the domain name point to the new ip address ?
Also, i'm seeing this tutorial
I must do everything but not the