Moving working existing https site to new server

#1

I have a working existing https website with letsencrypt that I am moving to a new server.
I am moving away from 1and1.com to a different hosting company.
Do I need to do anything with letsencrypt before or after doing the DNS change?

#2

Hi @C0BALT

I have changed the category to help.

A) You need to figure out if the new company will automatically obtain new certificates for you or if you have to set these up yourself.
B) If 1and1.com issued and managed your certificates for you previously, you may want to ask them to revoke the certificates (as you are no longer their customer etc.).

I would not do B until you have A sorted.

Andrei

#3

Thank you for your reply.
I’m still quite unsure of which way to step first.

The current site which is live at 1and1.com has its SSL Cert Auth by
GeoTrust - powered by Symantec expiring in December 2017…

I’m moving the site to a reseller/CPanel controlled host, preferably in a couple of days.
Technically I’m the admin, unless I contact https://www.crocweb.com/
Let’s Encrypt SSL is there in CPanel and I would like to use it.

I’ve set up SSL on several other domains in this reseller/CPanel control panel.

For this scenario, email is run and managed by GSuite for non-profits.

This is the Let’s encrypt
Installing certificate to: nonprofit.ca

NO mail.nonprofit.ca Alias /home/nonprofit/public_html
YES nonprofit.ca Main /home/nonprofit/public_html :heavy_check_mark: (cpanel,webdisk,webmail)
YES www.nonprofit.ca Alias /home/nonprofit/public_html

Issue? Should I make sure that mail.nonprofit.ca does not have a cert because it’s being entirely managed by GSuite?

Should I do things in this order?
1: transfer content files and db from live site to new server
2: transfer DNS to new server
3: wait 24 hours?
4: revoke/kill cert on old server
5: wait?
6: Issue new cert on new server?

My question is: will issuing new certs on the new server interfere with existing certs on the old server while DNS is being updated?

#4

No, they can coexist with overlapping, concurrent validity. You do not need to revoke the old certificate in order to obtain the new certificate, and the new certificate will not invalidate the old certificate.

Depending on your authorization method, you will need to point the DNS records at the new server in order to obtain new certificates there. If the DNS change is authoritative, you wouldn’t need to wait 24 hours. (Let’s Encrypt doesn’t rely on DNS caches and so the “DNS propagation” delay that people often experience doesn’t apply to Let’s Encrypt’s infrastructure, although there could be internal delays inside DNS providers in applying the changes that you request.)
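
A pre-flight check for the point made in the answer above, as an added example that is not part of the original thread: it asks each authoritative nameserver directly (no caches) whether every name intended for the certificate already resolves to the new server. The IP addresses, nameserver names and the `preflight` helper are constructed for illustration; it assumes HTTP-based validation and, for live use, `dig` on the path.

```python
import subprocess

def dig(args):
    """Live lookup: run `dig +short <args>` and return its non-empty lines."""
    out = subprocess.run(["dig", "+short", *args], capture_output=True,
                         text=True, check=True).stdout
    return [line.strip() for line in out.splitlines() if line.strip()]

def authoritative_a(name, zone, query=dig):
    """Ask each authoritative nameserver of `zone` for A records of `name`.
    Querying them directly bypasses recursive caches entirely."""
    return {ns: set(query(["A", name, "@" + ns])) for ns in query(["NS", zone])}

def preflight(names, zone, new_ip, query=dig):
    """Map each name to 'ready' (every nameserver answers only new_ip),
    'mixed' (some answers still differ) or 'elsewhere' (none point at new_ip)."""
    report = {}
    for name in names:
        answers = authoritative_a(name, zone, query)
        if answers and all(ips == {new_ip} for ips in answers.values()):
            report[name] = "ready"
        elif any(new_ip in ips for ips in answers.values()):
            report[name] = "mixed"
        else:
            report[name] = "elsewhere"
    return report

# Constructed sample answers (documentation IP ranges) standing in for dig output:
# ns2 has not applied the www change yet; mail is served by another host.
NEW, OLD = "203.0.113.10", "198.51.100.7"
NS1, NS2 = "@ns1.example.net.", "@ns2.example.net."
SAMPLE = {
    ("NS", "nonprofit.ca"): [NS1[1:], NS2[1:]],
    ("A", "nonprofit.ca", NS1): [NEW], ("A", "nonprofit.ca", NS2): [NEW],
    ("A", "www.nonprofit.ca", NS1): [NEW], ("A", "www.nonprofit.ca", NS2): [OLD],
    ("A", "mail.nonprofit.ca", NS1): ["192.0.2.25"],
    ("A", "mail.nonprofit.ca", NS2): ["192.0.2.25"],
}

def sample_query(args):
    return SAMPLE.get(tuple(args), [])

if __name__ == "__main__":
    names = ["nonprofit.ca", "www.nonprofit.ca", "mail.nonprofit.ca"]
    for name, state in preflight(names, "nonprofit.ca", NEW, sample_query).items():
        print(f"{name}: {state}")
```

Only names reported as `ready` should be selected for the certificate on the new server; against live DNS, omit the `sample_query` argument so the `dig` lookup is used.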
