Moving from shared host with limited LE support to VPS - correct method?


#1

Hi,

Specifics below but I’m looking for some advice. My website is currently on shared hosting. They have their own branded control panel with LE support which I used, but pretty much no control or access to any OS/root files, so there is nothing LE related to take.

I’ve set up a VPS with Vultr where I’m moving the site but Im not sure what the correct process would be to re-enable LE on the VPS and with as little downtime as possible.

Would it just be a case of running certbot once the DNS propagates to the new server, or is there more to it?

Thanks

My domain is:

My web server is (include version):
Apache 2.4

The operating system my web server runs on is (include version):
Ubuntu 16.04

My hosting provider, if applicable, is:
Tsohost.com (outgoing) / Vultr.com (new)

I can login to a root shell on my machine (yes or no, or I don’t know): Current no, future yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): tsohost panel / No


#2

Hi @weeniebeenie

are you able to create a subdirectory /.well-known/acme-challenge/ and there a new file? If yes, there

are some pure online clients. So you can - using your old environment - create a new Letsencrypt certificate and download the private and the public + signed key. Valide the next 90 days.

Then you can test your new environment with SSL. If all works -> change your dns-entry.

2 months later check certbot.


#3

Hi,

There’s a tutorial written for Ubuntu on digital ocean, take a look .

Let us know what else we can help.

Thank you


#4

While I appreciate your help, how does this generic tutorial help the topicstarter with migrating with as little (HTTPS) downtime as possible?


#5

Thanks for the replies. Yes I know how to install a completely new LE cert on a VPS, the problem is that a cert is already set up for that domain on my shared host.

@JuergenAuer thanks for the help but I’m not totally clear what you’re asking. I have full root control on the new VPS I set up, but pretty much zero control over the shared host where the site and cert is currently sitting. I can access only the public_html folder for the site, no deeper, as is common for shared hosts. I can’t download anything related to LE.


#6

If your dns-entry points to your old server, then you can use your old server to get a Letsencrypt-certificate via one of these online clients.

The Letsencrypt-client gives you a file with a long random-name and a special content. This file must be placed under yourdomain/.well-known/acme-challenge/ Letsencrypt checks if this file exist and if the file has the correct content. If yes, Letsencrypt creates a certificate.

There you should be able to create a subdirectory /.well-known, there a subdirectory acme-challenge. There place the file the online-letsencrypt-client gives you.

So you must be able to upload a file or to create it manual (copy the content).

PS: You can also use Certbot on your new server and use dns-01 - challenge. So you need to create a dns-entry with a special value. Then you can create the new certificate on your new server (dns entry points on your old server).


#7

Let’s Encrypt allows more than one cert for a given domain, so this is no problem. The easy answer really is simple: switch over DNS, get new cert on new server. Done. If you want the new cert before you switch your DNS to point to the new server, that’s do-able too, but a little trickier.


#8

@weeniebeenie The ‘online clients’ which @JuergenAuer mentions can be found here: https://letsencrypt.org/docs/client-options/#browser

I would recommend Get HTTPS for free, because it uses a process in which the user is in full control, but also requires a little bit of command line interface experience. Alternative suggestions would be ZeroSSL or SSL for free.


#9

It was indeed just this simple. Thanks.


#10

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.