Move off Firebase, What happens to my LE cert?


#1

Hi all, first time here :slight_smile:

I’m quite happily hosting websites on Firebase Hosting. They provide SSL certs, issued by LE.

IF I wanted to move away from that particular provider to, let’s say, a self-managed AWS instance, What will happen to my cert?

Would I be able to issue another cert vía certbot or some other way? How can I revoke or invalidate the previous cert?

Thanks in advance.


#2

You will have to ask Firebase support what they do in this case.

You will be able to issue a new certificate for the domain using Certbot once you have adjusted the DNS records away from Firebase.

RE: Revocation, my advice is to not bother in this case unless you believe the private key were compromised somehow (e.g. lost by Firebase or something). The certificate will expire in a short time anyway and revocation is largely a flawed process. ACME allows you to revoke the previous cert by proving ownership of all of the names that were on the previous certificate with a new account and then requesting the previous cert be revoked using the new account. I’m not sure if Certbot implements this or how to achieve it, again I recommend not to bother.

Hope this helps!


#3

So: www.domain.tld points to ip.add.re.ss and uses a LE SSL cert. I’m not in control of this cert file but I am in control of the DNS.

If www.domain.tld tomorrow points to other.ip.addre.ss Will I be able to request a LE cert? If I were in control of the original cert, this will be a non-issue, I know. :slight_smile:

Thanks again.


#4

Yes, assuming you controlled the machine at the new IP you could solve a TLS-SNI-01 challenge or an HTTP-01 challenge using Certbot or another ACME client.


#5

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.