Moving from shared host with limited LE support to VPS - correct method?



Specifics below but I’m looking for some advice. My website is currently on shared hosting. They have their own branded control panel with LE support which I used, but pretty much no control or access to any OS/root files, so there is nothing LE related to take.

I’ve set up a VPS with Vultr where I’m moving the site but Im not sure what the correct process would be to re-enable LE on the VPS and with as little downtime as possible.

Would it just be a case of running certbot once the DNS propagates to the new server, or is there more to it?


My domain is:

My web server is (include version):
Apache 2.4

The operating system my web server runs on is (include version):
Ubuntu 16.04

My hosting provider, if applicable, is: (outgoing) / (new)

I can login to a root shell on my machine (yes or no, or I don’t know): Current no, future yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): tsohost panel / No


Hi @weeniebeenie

are you able to create a subdirectory /.well-known/acme-challenge/ and there a new file? If yes, there

are some pure online clients. So you can - using your old environment - create a new Letsencrypt certificate and download the private and the public + signed key. Valide the next 90 days.

Then you can test your new environment with SSL. If all works -> change your dns-entry.

2 months later check certbot.



There’s a tutorial written for Ubuntu on digital ocean, take a look .

Let us know what else we can help.

Thank you


While I appreciate your help, how does this generic tutorial help the topicstarter with migrating with as little (HTTPS) downtime as possible?


Thanks for the replies. Yes I know how to install a completely new LE cert on a VPS, the problem is that a cert is already set up for that domain on my shared host.

@JuergenAuer thanks for the help but I’m not totally clear what you’re asking. I have full root control on the new VPS I set up, but pretty much zero control over the shared host where the site and cert is currently sitting. I can access only the public_html folder for the site, no deeper, as is common for shared hosts. I can’t download anything related to LE.


If your dns-entry points to your old server, then you can use your old server to get a Letsencrypt-certificate via one of these online clients.

The Letsencrypt-client gives you a file with a long random-name and a special content. This file must be placed under yourdomain/.well-known/acme-challenge/ Letsencrypt checks if this file exist and if the file has the correct content. If yes, Letsencrypt creates a certificate.

There you should be able to create a subdirectory /.well-known, there a subdirectory acme-challenge. There place the file the online-letsencrypt-client gives you.

So you must be able to upload a file or to create it manual (copy the content).

PS: You can also use Certbot on your new server and use dns-01 - challenge. So you need to create a dns-entry with a special value. Then you can create the new certificate on your new server (dns entry points on your old server).


Let’s Encrypt allows more than one cert for a given domain, so this is no problem. The easy answer really is simple: switch over DNS, get new cert on new server. Done. If you want the new cert before you switch your DNS to point to the new server, that’s do-able too, but a little trickier.


@weeniebeenie The ‘online clients’ which @JuergenAuer mentions can be found here:

I would recommend Get HTTPS for free, because it uses a process in which the user is in full control, but also requires a little bit of command line interface experience. Alternative suggestions would be ZeroSSL or SSL for free.


It was indeed just this simple. Thanks.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.