SSL with Ubuntu 18.04 LEMP


#1

Hi,

I installed Let’s Encrypt by running the following commands:

add-apt-repository ppa:certbot/certbot
apt-get update
apt-get install python-certbot-nginx

then,

certbot --nginx -d example.com -d www.example.com

My question is this: I migrated my server to a new server by using a snapshot, so I have a new IP address on the same domain. Can this situation create renewal issues, etc.?

Thank you,
Best regards.


#2

How can I check whether the certificate is working well with the new IP address?

  • I installed Let’s Encrypt via the above commands while my domain pointed to the server IP address.
  • Then, the nameservers were pointed to Cloudflare after the SSL installation.
  • Now I have changed the IP address of my server (by changing the A records on the Cloudflare management page).

Should I do anything?


#3

Hi @kocakserdar7

Try it. There are a lot of errors possible, so I don’t know an answer. But

A certificate has nothing to do with an IP address.

Use your browser.

I don’t know enough about the Cloudflare-integration. This may be special.


#4

Thank you for your reply :) I can access my blog on HTTPS after migration. Also, I tried to check the SSL status via SSL checker websites. It looks like it is working.

Hope Let’s Encrypt will continue to renew itself…


#5

You can try “certbot renew --dry-run”, but it uses Let’s Encrypt’s staging environment, and can have subtly different behavior from the production environment.

In particular, sometimes one will use HTTP-01 validation and the other will use deprecated TLS-SNI-01 validation. (Though not always, and it can be overridden.)

Edit: Also, if you’ve recently validated, it will look like it’s validating again but won’t.


#6

This is the most significant possible problem in the future. Cloudflare issues its own certificates automatically for names that are pointed at it. Then those certificates are used for the connections made by the general public to Cloudflare, while your own certificate is used only for the connection between Cloudflare and your origin server.

In this case, in order to avoid having to renew the origin server’s certificate at all, it may be easier to use the Cloudflare origin CA instead of Let’s Encrypt.

(This can issue a free 10-year certificate valid only between Cloudflare and your origin server.)
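
Added example (not part of the thread and not any poster's code): because the public sees the certificate Cloudflare serves, as the post above explains, a browser or an SSL checker site does not show the origin's own certificate. This Python sketch connects straight to the origin's IP address with the hostname as SNI and reports the issuer and remaining lifetime. The function names, the sample certificate and the 30-day threshold are assumptions made for illustration.

```python
import socket
import ssl
import sys
import time


def fetch_origin_cert(origin_ip, hostname, port=443, timeout=10):
    """Connect to origin_ip directly, send hostname as SNI, return the validated leaf cert."""
    ctx = ssl.create_default_context()  # verifies the chain and the hostname
    with socket.create_connection((origin_ip, port), timeout=timeout) as sock:
        # A certificate the system CA store does not trust raises
        # ssl.SSLCertVerificationError at this point.
        with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
            return tls.getpeercert()


def summarize(cert, now=None, renew_window_days=30):
    """Summarise issuer, DNS names and remaining lifetime of a getpeercert() dict."""
    now = time.time() if now is None else now
    issuer = {k: v for rdn in cert["issuer"] for k, v in rdn}
    days_left = int((ssl.cert_time_to_seconds(cert["notAfter"]) - now) // 86400)
    return {
        "issuer": issuer.get("organizationName", issuer.get("commonName", "unknown")),
        "names": [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"],
        "days_left": days_left,
        # Assumed threshold: inside this window a working renewal job
        # should already have replaced the certificate.
        "renewal_overdue": days_left < renew_window_days,
    }


# Constructed sample in the shape ssl.getpeercert() returns (not a real certificate).
SAMPLE_CERT = {
    "subject": ((("commonName", "example.com"),),),
    "issuer": ((("countryName", "US"),), (("organizationName", "Let's Encrypt"),)),
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Mar 31 00:00:00 2024 GMT",
    "subjectAltName": (("DNS", "example.com"), ("DNS", "www.example.com")),
}

if __name__ == "__main__":
    if len(sys.argv) == 3:  # usage: check_origin.py <origin-ip> <hostname>
        cert = fetch_origin_cert(sys.argv[1], sys.argv[2])
    else:
        cert = SAMPLE_CERT
    print(summarize(cert))
```

Run without arguments it summarises the constructed sample; with an origin IP and hostname it performs the live check.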


#7

Thank you for your help. How can I uninstall certbot and its dependencies?


#8

You should be able to remove them via

apt-get remove python-certbot-nginx
apt-get autoremove