Move to new webserver: Re-use old cert one or get a new cert?

Hi,

One of our webservers has to move from one department of my organization to another department, which makes a new installation necessary, and the new server will also have a different DNS record. The certificate on the old server was obtained with certbot and also the new server will have certbot. However, the new server runs on a new version of Apache (2.4 instead of 2.2) and also uses a different Linux (CentOS 8 instead of Debian). We plan to connect the new server to the Internet and change the DNS record next week. The current certificate is still valid for 10 days and I have full access to the /etc/letsencrypt directory.

I looked around on this forum and it seems there are two options. The first option is to move the existing certificate to the new webserver as described e.g. here: Move to another server. Is the information still accurate and up to date?

The second option is to install a fresh certificate from scratch. I'd somehow prefer the second option since the current certificate was installed by a colleague who left my organization already and I also think that this is probably the cleaner solution since there are some differences in the setup (e.g. the virtual host settings). Is there anything I need to pay attention to when installing a new certificate on the new server?

The second option is way better.

There may be some HTTPS "down time" while you change IPs in DNS and get the new cert.
Otherwise, business as usual.

It's not a big problem when HTTPS is not working for a couple of days. So that means I prepare already everything, i.e. install mod_ssl, certbot, etc, and then after the new server is connected to the Internet and the DNS record has been changed I wait a few days and then I can request a new certificate in the straightforward way?

As soon as you change the DNS, you can request a new cert on the new server.
[as soon as the DNS change propagates to all authoritative DNS servers]

Thanks for the info! So that means I will not face any problems because there still exists a valid certificate for my domain?

Only if you already have 5 certificates with the exact same set of names.
Or like 50 new ones from the same domain that were recently issued.

One to one is no problem.
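
The two conditions named in the reply above, as an added example that is not part of the original thread: it counts recent issuances in a constructed history against the limits of 5 (identical name set) and 50 (same domain). The 7-day window, the `example.org` names and all function names are assumptions; the thread only says "recently issued".

```python
from datetime import datetime, timedelta

DUPLICATE_LIMIT = 5   # "5 certificates with the exact same set of names" (from the thread)
DOMAIN_LIMIT = 50     # "50 new ones from the same domain" (from the thread)
WINDOW_DAYS = 7       # assumption: the thread only says "recently issued"


def normalize(names):
    """Identity for the duplicate check is the *set* of names:
    order, letter case and a trailing dot do not matter."""
    return frozenset(n.strip().lower().rstrip(".") for n in names)


def in_domain(name, registered_domain):
    """True for the domain itself or any subdomain, not for look-alike suffixes."""
    return name == registered_domain or name.endswith("." + registered_domain)


def check_new_request(history, requested_names, registered_domain, now,
                      window_days=WINDOW_DAYS):
    """history: iterable of (issued_at: datetime, names: list[str])."""
    wanted = normalize(requested_names)
    domain = registered_domain.lower().rstrip(".")
    cutoff = now - timedelta(days=window_days)
    recent = [normalize(n) for t, n in history if cutoff < t <= now]
    duplicates = sum(1 for n in recent if n == wanted)
    same_domain = sum(1 for n in recent if any(in_domain(x, domain) for x in n))
    return {
        "duplicates": duplicates,
        "same_domain": same_domain,
        "blocked": duplicates >= DUPLICATE_LIMIT or same_domain >= DOMAIN_LIMIT,
    }


# Constructed sample data (not real issuance records).
NOW = datetime(2021, 1, 15, 12, 0)
# The old server's certificate plus one recent one: the "one to one" case.
ONE_TO_ONE = [(NOW - timedelta(days=80), ["www.example.org"]),
              (NOW - timedelta(days=3), ["www.example.org"])]
# Five repeated requests while debugging the new vhost: same set, different order/case.
RETRIES = [(NOW - timedelta(hours=h), ["Example.org", "www.example.org"])
           for h in (1, 5, 20, 30, 44)]

if __name__ == "__main__":
    print(check_new_request(ONE_TO_ONE, ["www.example.org"], "example.org", NOW))
    print(check_new_request(RETRIES, ["www.example.org", "example.org"], "example.org", NOW))
```
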

Thank you very much for your quick help!

Cheers from Miami :beers: