Migration of LetsEncrypt to AWS EC-2 Linux


#1

My domain is: lemandarinschool.com

I am currently in the midst of migrating my application from my current hosting server to AWS EC-2 Linux and am facing the problem of migrating the Let's Encrypt cert. The existing hosting provider is unwilling to provide me the required pem files (cert.pem, fullchain.pem, privkey.pem) and so I am in a fix.

I am only given security.crt and security.key files and I am wondering whether it is possible for me to generate the pem files from these two files?

Also, I actually went ahead to create the Let's Encrypt cert using certbot on AWS but it was successful as I think it did not authenticate against the Let's Encrypt cert that I originally have. But as my application is using the original cert for authentication, I could not run the application on AWS.

My proposed solution is to remove the original Let's Encrypt cert (if I cannot generate the pem files) on my application and reinstall the new cert again on AWS using certbot. So how do I remove the Let's Encrypt files created previously? Will removing the pem files suffice?

Thanks in anticipation.


#2

Hi @hontosan

You have two certificates created Tuesday, 23.10.2018.

https://transparencyreport.google.com/https/certificates?cert_search_auth=&cert_search_cert=&cert_search=include_expired:false;include_subdomains:false;domain:lemandarinschool.com&lu=cert_search

So you should have a new certificate.

I don’t understand your setting. Do you use your old certificate with your old webserver? But it’s not a problem to change the webserver, create a new certificate (you have two) and use the new certificate with the new webserver. So both servers (old and new) are secure, when you change your A-record.

To install a new certificate on your new webserver, the old webserver is completely irrelevant. There is no need to remove or delete a certificate.


#3

Thanks Juergen. I am not aware that you can have more than one Let's Encrypt cert for the same domain.

As I am using WordPress, I just discovered that the Let's Encrypt cert of the old server (ca-bundle.crt) has to be included in the /wordpress/wp-includes/certificates directory, which causes the conflict with the new server's (AWS web server) Let's Encrypt cert, which are pem files.

Is there any way I can generate a copy of ca-bundle.crt for my new Let's Encrypt cert?

Many Thanks!


#4

What exactly is in the current `ca-bundle.crt` file?
If it is text readable, just grep it for `BEGIN` and reply with those lines.
From that, we may be able to help you generate a similar file from the certbot pem files.


#5

As @rg305 has written: I don’t know what format WordPress wants.

If you have two files, then one contains the private key. The other contains the signed public key. You can share the content of this file without a risk.

Then we can check it.
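
The check suggested in #4, combined with the point in #5 about which of the two files can be shared, as an added example that is not part of any post in this thread: it lists the PEM block labels in a file and rejects any file that contains a private key. The file contents are constructed placeholders, and `pem_labels` and `safe_to_share` are hypothetical helper names.

```shell
#!/bin/sh
# Added example: inspect PEM files before posting their contents anywhere.

# Print the label of every PEM block in a file, one per line, in file order.
# The trailing [[:space:]]* tolerates CRLF line endings.
pem_labels() {
    sed -n 's/^-----BEGIN \(.*\)-----[[:space:]]*$/\1/p' "$1"
}

# Succeed only if the file holds at least one CERTIFICATE block and no
# private-key block of any flavour (PRIVATE KEY, RSA/EC/ENCRYPTED PRIVATE KEY).
safe_to_share() {
    labels=$(pem_labels "$1")
    case "$labels" in
        *"PRIVATE KEY"*) return 1 ;;
    esac
    printf '%s\n' "$labels" | grep -qx 'CERTIFICATE'
}

# Constructed sample files; the base64 body is a placeholder, not real key material.
sample_dir=$(mktemp -d)
body='Q09OU1RSVUNURUQ='
printf '%s\n' \
    '-----BEGIN CERTIFICATE-----' "$body" '-----END CERTIFICATE-----' \
    '-----BEGIN CERTIFICATE-----' "$body" '-----END CERTIFICATE-----' \
    > "$sample_dir/security.crt"
printf '%s\r\n' \
    '-----BEGIN RSA PRIVATE KEY-----' "$body" '-----END RSA PRIVATE KEY-----' \
    > "$sample_dir/security.key"

for f in "$sample_dir/security.crt" "$sample_dir/security.key"; do
    echo "== ${f##*/}"
    pem_labels "$f"
    if safe_to_share "$f"; then
        echo "-> certificates only, fine to post"
    else
        echo "-> do not post this file"
    fi
done
```

A file that mixes certificate and key blocks is rejected as well, so a combined bundle is never posted by mistake.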