I backed up everything I needed from the first server.
Created a new server and installed all the needed packages
I deleted the domains attached to first server from the Linode panel
I deleted the server completely from Linode
Then I attempted to copy all the directories and .conf files needed for apache and letsencrypt to work with the new server (the ones that required root were copied as root - the /var/www/* stuff was copied as the user)
Browser gives this error:
Unable to connect
Firefox can’t establish a connection to the server at pastlife.works.
The site could be temporarily unavailable or too busy. Try again in a few moments.
If you are unable to load any pages, check your computer’s network connection.
If your computer or network is protected by a firewall or proxy, make sure that Firefox is permitted to access the Web.
Could I just be waiting for DNS to switch? I can access the site by going to the IP, but it is not a secure connection.
How do I tell if I need to just revoke all the certificates, start over from scratch and obtain new certificates?
"revoke the certificate" is (almost) never a correct answer--the only reason to do it is if you have reason to believe a private key has been compromised.
Depends--are these your IP(v4/v6) addresses?
dan@Dan-MacBook-Pro-2013 ~ host pastlife.works
pastlife.works has address 173.255.244.152
pastlife.works has IPv6 address 2600:3c01::f03c:93ff:febc:2959
If so, then no, DNS isn't your problem. If your page is about "The Universal, Immutable Laws of Nature and Creation" (which is what I see when I browse to that IP address), then DNS seems to be fine. But you aren't serving HTTPS at all.
<C>[date time] Failed to read /etc/letsencrypt/live/mumble.example.org/cert.pem
I tried to reconfigure the mumble-server with the correct path to the fullchain.pem and to the private key, but then I get this error:
<C>2022-05-26 15:47:23.733 MetaParams: Failed to read /etc/letsencrypt/live/chat.pastlife.works/fullchain.pem
<F>2022-05-26 15:47:23.733 MetaParams: Failed to load SSL settings. See previous errors.
I even requested a new certificate for the subdomain chat.* in order to try to avoid this because that worked on another system (ubuntu jammy with certbot from snap).
I can't connect to the mumble server because of this; it was a public server with SSL and now I broke it.
Thanks so much for your time
Copy the certificate and private key somewhere where the Mumble server can read them
Send the SIGUSR1 signal to Mumble, so that it reloads the renewed certificate
So it might be something like:
#!/usr/bin/env bash
umask 022
cp /etc/letsencrypt/live/chat.pastlife.works/fullchain.pem /etc/ssl/mumble.crt
cp /etc/letsencrypt/live/chat.pastlife.works/privkey.pem /etc/ssl/mumble.key
chown mumble-server:mumble-server /etc/ssl/mumble.{key,crt}
# The sysv script for mumble-server on Debian 11 doesn't appear to support reload, but
# we can manually do it.
start-stop-daemon \
    --quiet --oknodo --stop --signal 10 \
    --user mumble-server --pidfile /var/run/mumble-server/mumble-server.pid
You would save that as something like /etc/letsencrypt/deploy-mumble.sh and make sure it's executable:
chmod +x /etc/letsencrypt/deploy-mumble.sh
and when you obtain a certificate, you'd do something like:
(changing --webroot to however you already authenticate your certificate request).
Since you already have a certificate, you might instead need to modify /etc/letsencrypt/renewal/chat.pastlife.works.conf and add a line under [renewalparams] as follows:
That's okay. Alternatively you should instead be able to modify the .conf file and add the renew_hook line, as described above.
Sorry that the instructions are a bit involved. Setting things up for servers like Mumble is going to be a fair bit more complex than for servers that Certbot supports by default, like Apache.
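Added example, not part of the thread: a mode-bit check that names the first directory or file stopping a service account such as mumble-server from reading a certificate path, one common cause of a "Failed to read" line like those above. The function names, the optional BASE argument and the reliance on GNU stat, readlink and realpath are assumptions; ACLs are ignored.

```bash
#!/usr/bin/env bash
# Added example (not from the thread). Looks at mode bits only: ACLs,
# capabilities and root's override are ignored. Assumes GNU coreutils.

# perm_digit USER PATH -> the rwx digit (0-7) that applies to USER on PATH
perm_digit() {
    local info mode owner group
    info=$(stat -L -c '%a %U %G' -- "$2") || return 2
    mode=$(( 0${info%% *} )); info=${info#* }      # leading 0 = octal
    owner=${info%% *}; group=${info#* }
    if [ "$owner" = "$1" ]; then
        echo $(( (mode >> 6) & 7 ))
    elif id -Gn -- "$1" 2>/dev/null | tr ' ' '\n' | grep -qxF -- "$group"; then
        echo $(( (mode >> 3) & 7 ))
    else
        echo $(( mode & 7 ))
    fi
}

# check_dirs USER ABS_DIR BASE: every directory below BASE needs the x bit.
# Prints the first one that lacks it and returns 1.
check_dirs() {
    local rest path bits
    case $2/ in "$3"/*) path=$3 ;; *) path= ;; esac
    rest=${2#"$path"}
    while [ -n "$rest" ]; do
        rest=${rest#/}
        path="$path/${rest%%/*}"
        case $rest in */*) rest="/${rest#*/}" ;; *) rest= ;; esac
        bits=$(perm_digit "$1" "$path") || return 2
        [ $(( bits & 1 )) -ne 0 ] || { printf '%s\n' "$path"; return 1; }
    done
}

# first_blocker USER FILE [BASE]
# Walks the path as written, then the symlink target (live/ points into
# archive/), then checks the r bit on the file. BASE is a symlink-free prefix
# without trailing slash that is skipped (hypothetical convenience argument).
first_blocker() {
    local logical resolved bits
    logical=$(realpath -s -- "$2") || return 2
    resolved=$(readlink -f -- "$2") || return 2
    check_dirs "$1" "${logical%/*}" "${3:-}" || return $?
    check_dirs "$1" "${resolved%/*}" "${3:-}" || return $?
    bits=$(perm_digit "$1" "$resolved") || return 2
    [ $(( bits & 4 )) -ne 0 ] || { printf '%s\n' "$resolved"; return 1; }
}
```

No output and exit status 0 mean the mode bits allow the read; a printed path is the component whose ownership or mode needs attention.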
Ok so I made the script and made it executable but am I supposed to use this on top line: #!/usr/bin/env bash
why not #!/bin/bash ?
I also added that line to the end of [renewalparams]
Rebooted the server and I still get this output after I attempt to reconfigure mumble-server:
<C>2022-05-26 17:44:27.916 MetaParams: Failed to read /etc/ssl/mumble.key
<F>2022-05-26 17:44:27.916 MetaParams: Failed to load SSL settings. See previous errors.
I think I'm gonna have to give up on mumble. No one ever chats anyways because they don't even know how to connect to it. I only get spammed by Spanish speaking people who only join to cuss me out.
Thank you so much @_az you are awesome! After I ran the script and then reconfigured I was able to see the green letters in the mumble client and the certificate shows in the server information. Success!!
I video recorded my entire migration. Will have to work on editing that video and then use it to make a new video for complete noobs to do this. If I can do it, a newer user can.