Specifics below but I’m looking for some advice. My website is currently on shared hosting. They have their own branded control panel with LE support which I used, but pretty much no control or access to any OS/root files, so there is nothing LE related to take.
I’ve set up a VPS with Vultr where I’m moving the site but I’m not sure what the correct process would be to re-enable LE on the VPS and with as little downtime as possible.
Would it just be a case of running certbot once the DNS propagates to the new server, or is there more to it?
Thanks
My domain is:
My web server is (include version):
Apache 2.4
The operating system my web server runs on is (include version):
Ubuntu 16.04
My hosting provider, if applicable, is: Tsohost.com (outgoing) / Vultr.com (new)
I can login to a root shell on my machine (yes or no, or I don’t know): Current no, future yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): tsohost panel / No
Are you able to create a subdirectory /.well-known/acme-challenge/ and a new file there? If yes, there are some pure online clients. So you can, using your old environment, create a new Let's Encrypt certificate and download the private and the public + signed key. Valid for the next 90 days.
Then you can test your new environment with SSL. If all works -> change your DNS entry.
Thanks for the replies. Yes I know how to install a completely new LE cert on a VPS, the problem is that a cert is already set up for that domain on my shared host.
@JuergenAuer thanks for the help but I’m not totally clear what you’re asking. I have full root control on the new VPS I set up, but pretty much zero control over the shared host where the site and cert are currently sitting. I can access only the public_html folder for the site, no deeper, as is common for shared hosts. I can’t download anything related to LE.
If your DNS entry points to your old server, then you can use your old server to get a Let's Encrypt certificate via one of these online clients.
The Let's Encrypt client gives you a file with a long random name and a special content. This file must be placed under yourdomain/.well-known/acme-challenge/. Let's Encrypt checks if this file exists and if the file has the correct content. If yes, Let's Encrypt creates a certificate.
There you should be able to create a subdirectory /.well-known, and in it a subdirectory acme-challenge. Place the file the online Let's Encrypt client gives you there.
So you must be able to upload a file or to create it manually (copy the content).
PS: You can also use Certbot on your new server and use the dns-01 challenge. So you need to create a DNS entry with a special value. Then you can create the new certificate on your new server (DNS entry points to your old server).
Let's Encrypt allows more than one cert for a given domain, so this is no problem. The easy answer really is simple: switch over DNS, get new cert on new server. Done. If you want the new cert before you switch your DNS to point to the new server, that's do-able too, but a little trickier.
I would recommend Get HTTPS for free, because it uses a process in which the user is in full control, but also requires a little bit of command line interface experience. Alternative suggestions would be ZeroSSL or SSL for free.