This is the scenario.
A site running on a Linux instance was attacked, and it was compromised really badly.
- started a new instance
- restored site from a backup prior to attack
- new instance is working fine
- old instance was turned off and decommissioned
When going live with the new site, though - I updated the SSL cert on the new instance and updated DNS, but there's a redirection from the new IP to the old one - output 1.
I started a new and different instance and completed another restore from backup (before the attack) with no problem - I have not updated the SSL cert but updated DNS, and now there's no redirection but DNS is not working - I can only get to the site via IP, and when going by the actual domain I get a warning from the browser saying "this connection is not private", that the website may be impersonating my domain to steal info - output 2.
This is driving me nuts - there's either a redirection (on output 1), or DNS not working even though propagation on the Internet completes successfully (on option 2). What needs to be done when servers are replaced but SSL certs issued by Let's Encrypt are still active and valid? When and how is an SSL cert updated on the new server? Is there anything that I should've done on the attacked server before decommissioning it? There's something that I am missing, as I have not come across an attack, and so the need to replace servers, but your input will be appreciated.
Thanks.