Moving server and from nginx to apache


#1

Hi there,

I’m currently having to switch to another server and one that will run apache instead of nginx. I generated my certificate for nginx at first.

I transferred the /etc/letsencrypt directory from original server to new server (carefully keeping the symlinks).

Now if I were to request a new cert via letsencrypt --apache -d example.com it seems like everything would be done for me.

Since the certificate is already active (from less than 30 days), is there a way to achieve what the letsencrypt --apache is doing but with an already generated certificate from /etc/letsencrypt/live/domain.com?

Thanks


#2

If you run certbot (or letsencrypt if your server is using a [very] old version of the client) while the certificate isn’t up for renewal, it should ask you if you want to actually renew it (not necessary of course) or only want to install it… When choosing the second option, it’ll (supposed to) do what you want.

You obviously need to have the apache plugin installed, most (if not all) distributions have the plugin as a separate package in their package manager…


#3

@dstpierre, it is possible to edit the old certificate renewal configuration (and it’s even possible that Certbot would succeed in editing it for you if asked to renew that certificate while specifying a different plugin, the possibility to which @Osiris is referring). But for reliability and simplicity, it might be easiest to just ignore the existence of the old certificate and get a new certificate with the certbot --apache -d example.com form. It’s unlikely that rate limits will affect you or that anyone will get upset with you!

(Note that letsencrypt has been renamed to certbot.)


#4

Thanks for the replies. It did not go 100% OK though.

After running the command it created a second folder i.e. /etc/letsencrypt/live/domain.com-0001. So it seems it did not start from the previous valid cert.

I guess from here removing the entry for /etc/letsencrypt/renew/domain.com.conf leaving the new one created will be fine then?

Also the command was not able to modify the default virtual host for the domain for setting redirection and whatnot. Still it created a file 000-default-le-ssl.conf that I hope I can start with.

And re: letsencrypt vs certbot. I took the one-click wordpress image at DigitalOcean with Ubuntu 16.04, which came pre-installed with that version of LE.


#5

Another quick question, from the original server, should I only remove the /etc/letsencrypt/renew entry for the cert I transferred?

Is there anything else I need to remove, archive, live etc? I have other certificates on that server, so would not want to affect those.

Thanks again for your time.


#6

Somehow you managed to request a whole new certificate, but with other domains listed in it. Without the --expand switch it can generate such a new directory indeed…

If you’re absolutely sure the certificate in the domain.com-0001 directory is also valid for all the domains in the original directory, it’s possible to “move” the directory-0001 directory to just domain.com. If you really want to. Also I’d recommend backing up your /etc/letsencrypt/ before doing manual stuff to that directory. But renaming/moving the domain.com-0001 directory doesn’t solve your automatic configuration of Apache: Apache will point to the old certs in 0001 :stuck_out_tongue: But if you do move the 0001 directory, you’ll have to move the directories in /archive/, /live/ and move and update the paths in the renewal file in /renew/. Also, you’ll have to update the symbolic links in /live/domain.com to the correct files in /archive/domain.com.

So I’m mainly interested in why you’ve got a whole new certificate while we already stated that wouldn’t be necessary for just installing the cert in Apache. :wink:
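
Added example, not part of the reply above and not Certbot's own code: a shell check for the consistency that reply #6 describes after a manual move, namely that every link in live/NAME resolves into archive/NAME and that the renewal file's paths name the same lineage. It assumes Certbot's renewal/ directory and the archive_dir, cert, privkey, chain and fullchain entries Certbot writes there; make_sample is a hypothetical helper that builds a constructed tree of empty placeholder files.

```shell
# Added example: consistency check for a Certbot lineage moved by hand.
# Usage: check_lineage ROOT NAME   e.g. check_lineage /etc/letsencrypt domain.com
check_lineage() {
    root=$1 name=$2 bad=0
    adir=$(cd "$root/archive/$name" 2>/dev/null && pwd -P) || adir=
    for f in cert privkey chain fullchain; do
        link="$root/live/$name/$f.pem"
        if [ ! -L "$link" ]; then
            echo "not a symlink: $link"; bad=$((bad + 1)); continue
        fi
        if [ ! -e "$link" ]; then   # -e follows the link, so this is a dangling target
            echo "dangling: $link -> $(readlink "$link")"; bad=$((bad + 1)); continue
        fi
        target=$(readlink "$link")
        case $target in /*) ;; *) target="$root/live/$name/$target" ;; esac
        tdir=$(cd "$(dirname "$target")" && pwd -P)
        if [ "$tdir" != "$adir" ]; then
            echo "outside archive/$name: $link -> $target"; bad=$((bad + 1))
        fi
    done
    conf="$root/renewal/$name.conf"
    if [ ! -f "$conf" ]; then
        echo "missing renewal file: $conf"; bad=$((bad + 1))
    else
        # Every path entry must name this lineage's own directories
        for key in archive_dir cert privkey chain fullchain; do
            val=$(sed -n "s/^$key *= *//p" "$conf")
            case $val in
                "$root/archive/$name"|"$root/live/$name/"*) ;;
                *) echo "renewal $key points elsewhere: '$val'"; bad=$((bad + 1)) ;;
            esac
        done
    fi
    [ "$bad" -eq 0 ]
}

# Constructed sample tree (empty placeholder files, not real certificates)
make_sample() {
    r=$1 n=$2
    mkdir -p "$r/live/$n" "$r/archive/$n" "$r/renewal"
    echo "archive_dir = $r/archive/$n" > "$r/renewal/$n.conf"
    for f in cert privkey chain fullchain; do
        : > "$r/archive/$n/${f}1.pem"
        ln -s "../../archive/$n/${f}1.pem" "$r/live/$n/$f.pem"
        echo "$f = $r/live/$n/$f.pem" >> "$r/renewal/$n.conf"
    done
}
```

Run it against a backup copy first; a non-zero exit status means at least one link or renewal path still names the old directory.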

