Moving (only) single domain from server A to server B

Hi Friends!
I’m about to move a domain from one server to a different one.
I have read other similar posts but I would like to confirm before doing disasters :slight_smile:
On the both server I’m using certbot for obtain a unique certificate that contains multiple domains.
So, should I revoke the specific domain keys on the first server, simply by executing certbot and omitting the specific domain?
And then, on the second server run again (previous DNS configuration) certbot for obtain the new one domain certificate?

Many thanks!

Davide

Hi @danjde

you shouldn't revoke something. Revokation is only required if your private key is stolen etc.

Copy the certificate (public key, private key, chain, the files used in your server config) to the new server and add the certificate to your webserver. Then you can reuse the certificate.

Then install Certbot and create a new certificate with explicit options, if the certificate is max. 30 days valide.

I used an incorrect term, what is the correct term that expresses the removal of a domain from a certificate? :slight_smile:

The config too? But on the config there is the fqdn of the starting server that does not coincide with the fqdn of the destination server..

certbot certonly --cert-name server.xy.com --webroot -w /var/www/letsencrypt --expand -d example.com

The above command is the one I normally do.
I would also like to include the name of the organization to which it was granted, but I have not seen from the documentation how to do, could you give me an example?

Many thanks again!

Davide

delete

No; the files used in the config.

I've never seen such an option.
Can you be more specific on this?

This isn't possible. These are Organisation validated certificates or Extended validation certificates.

Letsencrypt doesn't offer these certificate types. And this isn't really a problem.

Read

Yes, I mean if technically possible:: Organization (O) and Organizational Unit (OU) as Firefox show here: https://www.cosmogonia.org/owncloud/index.php/s/4QpzQTB9t6JA2eQ

Thanks again!

Davide

Let’s Encrypt doesn’t offer OV or EV certificates.

1 Like

LE only provides DV certs.

Below is from: https://letsencrypt.org/docs/faq/

Will Let’s Encrypt issue Organization Validation (OV) or Extended Validation (EV) certificates?

We have no plans to issue OV or EV certificates.

OK! :cry:

Returning to the initial topic, there is a step that is not clear to me:
After copying the certificates from server A to server B,
In the server A certificate remains the domain that should be moved to server B,
to remove it from serverA
should I re-run the last certbot command omitting this specific domain?

I hope I was clear, I'm not a native English speaker :cold_face:

Thanks again!

Davide

Try speaking/typing in your native language.
There are many here that speak/write in multiple languages

If the cert contained other domains, then yes, that is the easiest way to "remove" it.
If the cert was all by itself, then perhaps
cerbot delete
can walk you through the deletion process.

You don't need to remove the domain name from the certificate Server A uses. It doesn't produce an error if the certificate has more domain names as the servers vHosts - Servernames.

Next time certbot renew - that will not work. But instead use your explicit command with correct values.

Yeah basically as long as you specify the --cert-name option, you should get a new certificate with whatever new set of domains you specify, that will replace the old one. If you leave that option off you may end up with an additional certificate that is renewed separately - which seems not to be what you want.

Ah, maybe now, but maybe in the near future your advice might come in handy! :wink:

Ah, I didn't know! Interesting!

Many many thanks to all you have all been really very kind and precious your advice :wink:

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.