Moving working existing https site on a old server to a new server

#1

My web server is (include version): Apache
The operating system my web server runs on is (include version): Debian 9
I can login to a root shell on my machine (yes or no, or I don’t know): yes

I have a working https website with letsencrypt (www.example.com)
I have to move it (www.example.com) to a new server.

I thought about installing certbot on the new server and creating the new certificate there

./certbot-auto run -a webroot -i apache -w /var/www/vhosts/www.example.com/ROOT -d www.example.com

… then changing the DNS … could it work? … or does it conflict with the old server?

#2

Hi @rbottoni

that’s impossible.

If your dns entry points to your old server, you can’t create a new certificate using http-01 validation on your new server.

But: Copy your old certificate + key and use it with your new server. You don’t need a new certificate, you can use the certificate with both servers.

Later (if the dns entry has the new ip address) you can create a new certificate using the config of the new server.

#3

the problem is that domain (www.example.com) is an alias of the main domain (www.example.it) :

ServerName www.example.it
ServerAlias www.example.com

i need to separate the two domains

#4

That isn’t a problem. You can use the old certificate with every domain which is listed as SAN.

Old certificate -> two domain names
New server, only one domain name -> but the certificate works.

#5

ok … just a last question… which data should i copy (directories and files)

#6

You need only the two or three certificate files (private key, fullchain, perhaps chain) used in your current vHost.

I wouldn’t copy the Certbot installation or the /etc/letsencrypt subdirectory. Start fresh.

#7

even if i use a different validation?

#8

Then it may work. But if you have a running webserver, http-01 validation is the easiest version.

closed #9

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.