Hi all, first time here 
I’m quite happily hosting websites on Firebase Hosting. They provide SSL certs, issued by LE.
IF I wanted to move away from that particular provider to, let’s say, a self-managed AWS instance, What will happen to my cert?
Would I be able to issue another cert vÃa certbot or some other way? How can I revoke or invalidate the previous cert?
Thanks in advance.
You will have to ask Firebase support what they do in this case.
You will be able to issue a new certificate for the domain using Certbot once you have adjusted the DNS records away from Firebase.
RE: Revocation, my advice is to not bother in this case unless you believe the private key were compromised somehow (e.g. lost by Firebase or something). The certificate will expire in a short time anyway and revocation is largely a flawed process. ACME allows you to revoke the previous cert by proving ownership of all of the names that were on the previous certificate with a new account and then requesting the previous cert be revoked using the new account. I’m not sure if Certbot implements this or how to achieve it, again I recommend not to bother.
Hope this helps!
So: www.domain.tld points to ip.add.re.ss and uses a LE SSL cert. I’m not in control of this cert file but I am in control of the DNS.
If www.domain.tld tomorrow points to other.ip.addre.ss Will I be able to request a LE cert? If I were in control of the original cert, this will be a non-issue, I know.
Thanks again.
Yes, assuming you controlled the machine at the new IP you could solve a TLS-SNI-01 challenge or an HTTP-01 challenge using Certbot or another ACME client.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.