Smooth transition from commercial SSL to Letsencrypt SSL


#1

My domain is: www.creatissus.com

I’d like to know if the only thing I have to do is remove the lines referring to the commercial SSL certificate.
Run the certbot command
./certbot-auto certonly --webroot -w /home/domaine/public_html -d www.domaine.com

and add the usual lines of code referring to the Letsencrypt certificate in the vhost file?


#2

Hi @refschool,

You should remove nothing until you have issued your cert using the command you posted. Once you get your cert, yes, you can replace the paths of the SSL directives SSLCertificateFile and SSLCertificateKeyFile to point to the right paths for your LE-issued domains.

As you are using Apache 2.4.10, SSLCertificateFile should point to the fullchain.pem file.

SSLCertificateFile    /etc/letsencrypt/live/yourdomain.tld/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/yourdomain.tld/privkey.pem

Note: you should change yourdomain.tld for the real one.

Also, take care because this command:

./certbot-auto certonly --webroot -w /home/domaine/public_html -d www.domaine.com

will issue a certificate covering www.domaine.com BUT NOT domaine.com. As your current cert covers both, your command should look like:

./certbot-auto certonly --webroot -w /home/domaine/public_html -d www.domaine.com,domaine.com
or
./certbot-auto certonly --webroot -w /home/domaine/public_html -d www.domaine.com -d domaine.com

Also, the first name specified will name the certificate, so if you put www.domaine.com first, your certs will be located here:

/etc/letsencrypt/live/www.domaine.com/

If you switch the order:

./certbot-auto certonly --webroot -w /home/domaine/public_html -d domaine.com -d www.domaine.com

the cert will be located here:

/etc/letsencrypt/live/domaine.com/

Hope this helps.

Cheers,
sahsanu
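
A check that fits between issuing the certificate and editing the vhost, added here as an example and not part of the thread: it lists the names the old certificate covers that the new one does not. The function names and the sample text are assumptions made for illustration, and names are compared exactly (wildcards are not expanded).

```sh
#!/bin/sh
# Added example (not from the thread): before repointing SSLCertificateFile,
# list names the old certificate covers that the new one does not.

# Read "openssl x509 -noout -text" output on stdin, print its DNS names.
san_from_text() {
    grep -o 'DNS:[^,[:space:]]*' | sed 's/^DNS://' |
        tr '[:upper:]' '[:lower:]' | sort -u
}

# Print the DNS names of a PEM file. openssl x509 reads only the first
# certificate in the file, which in fullchain.pem is the leaf.
cert_sans() {
    openssl x509 -in "$1" -noout -text | san_from_text
}

# Print every name in list $1 that is absent from list $2 (one per line).
# Exact comparison only: a wildcard name is not expanded.
missing_names() {
    printf '%s\n' "$1" | while IFS= read -r name; do
        [ -n "$name" ] || continue
        printf '%s\n' "$2" | grep -qxF -- "$name" || printf '%s\n' "$name"
    done
}

# check_switch OLD_PEM NEW_PEM: 0 = safe, 1 = names lost, 2 = unreadable cert.
check_switch() {
    old=$(cert_sans "$1"); new=$(cert_sans "$2")
    [ -n "$old" ] && [ -n "$new" ] || return 2
    lost=$(missing_names "$old" "$new")
    [ -z "$lost" ] && return 0
    printf 'names not covered by %s:\n%s\n' "$2" "$lost" >&2
    return 1
}

# Constructed sample text: the old cert covering both names, and a new cert
# issued with only "-d www.domaine.com".
OLD_SAMPLE='X509v3 Subject Alternative Name:
    DNS:www.domaine.com, DNS:domaine.com'
NEW_SAMPLE='X509v3 Subject Alternative Name:
    DNS:www.domaine.com'

demo_missing() {
    missing_names "$(printf '%s\n' "$OLD_SAMPLE" | san_from_text)" \
                  "$(printf '%s\n' "$NEW_SAMPLE" | san_from_text)"
}
```

Call check_switch with the old certificate file (its path is whatever the current SSLCertificateFile points to) and the new fullchain.pem; a non-zero exit means the vhost should not be switched yet.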


#3

Hi, many thanks for the detailed answer.