The best way to move a domain to a new server

I'd just like to ask a general question about moving my domain to a new server. The certificates are currently installed on an Ubuntu 14.04 server in AWS and I have a 20.04 server I'd like to move to. I was thinking of pointing my domain to the new server and installing new certificates, which would be easier than copying them from my old server? If I did that, however, and I had to switch back to my old server, would those certificates still be valid? Thanks for your advice.

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: collated.net

I ran this command:

It produced this output:

My web server is (include version): nginx 1.18.0

The operating system my web server runs on is (include version): Ubuntu 20.04

My hosting provider, if applicable, is: AWS EC2

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 1.9.0

2 Likes

If you'd do that, you'd have a (short) period of no certificates. I don't know if you have HSTS configured, but if you do, you'd have a non-functional website. If you for some reason didn't manage to get the certificate(s), your site would be offline for that time.
Also, how much trouble would copying the cert/private key actually be? If you have SSH configured properly, you could just scp the files. I would recommend sending over a tarball of /etc/letsencrypt/ with the archive option used when tarring (so symbolic links and owner/permissions are kept).

Yes, certificates are just plain files. Copy them, delete those copies, use those copies, doesn't matter. Certificates can expire or can be revoked, but the latter is an active procedure, which doesn't just happen when you copy the cert to another server, luckily.

2 Likes
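An added example, not part of any post in this thread: the tarball approach recommended above, run against a constructed stand-in for `/etc/letsencrypt` in a temporary directory, followed by a check that the `live/` symlinks and private-key permissions survived the copy. The function names, the `example.com` directory and the file contents are made up for the example.

```shell
#!/bin/sh
# Constructed stand-in for /etc/letsencrypt; example.com is a placeholder.
make_sample_tree() {   # make_sample_tree <root>
    mkdir -p "$1/archive/example.com" "$1/live/example.com"
    for f in cert privkey chain fullchain; do
        echo "constructed $f" > "$1/archive/example.com/${f}1.pem"
        ln -s "../../archive/example.com/${f}1.pem" "$1/live/example.com/$f.pem"
    done
    chmod 600 "$1/archive/example.com/privkey1.pem"
}

# tar stores symlinks as symlinks by default; -p keeps permission bits.
pack_tree()   { tar -C "$1" -cpzf "$3" "$2"; }              # <parent> <dir> <tarball>
unpack_tree() { mkdir -p "$2" && tar -C "$2" -xpzf "$1"; }  # <tarball> <dest>

# Check the copy: live/*.pem must be symlinks that resolve to files, and
# private keys must carry no group/other permission bits.
verify_tree() {   # verify_tree <root>
    rc=0
    for link in "$1"/live/*/*.pem; do
        if [ ! -L "$link" ]; then echo "not a symlink: $link"; rc=1
        elif [ ! -f "$link" ]; then echo "dangling link: $link"; rc=1
        fi
    done
    for key in "$1"/archive/*/privkey*.pem; do
        [ -f "$key" ] || { echo "missing key: $key"; rc=1; continue; }
        [ "$(ls -ld "$key" | cut -c5-10)" = "------" ] ||
            { echo "key readable by group/other: $key"; rc=1; }
    done
    return "$rc"
}

# Demo: pack on the "old" side, unpack on the "new" side, verify.
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
make_sample_tree "$work/old/letsencrypt"
pack_tree "$work/old" letsencrypt "$work/le.tar.gz"
unpack_tree "$work/le.tar.gz" "$work/new"
verify_tree "$work/new/letsencrypt" && echo "layout and key permissions intact"
```

On the real hosts the pack step is run as root with `/etc` as the parent and `letsencrypt` as the directory, so file ownership is kept as well. A recursive `scp -r` of the directory itself follows symlinks, and a copy made that way fails the first check.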

"The best way to move a domain to a new server"

I would agree with @Osiris
[even though the certbot versions are far apart, the files they create are usable by both]

You can do that ahead of time and test the functionality of the second server before pointing the DNS records to it.

2 Likes

OK, many thanks. I've always had issues with scp but will try again.

1 Like

If you can't SCP, then perhaps you have access to a secure FTP server you manage/trust?

Please note there is a big difference between SFTP and FTPS. SFTP uses SSH and is perfectly fine. FTPS, however, is an often poor implementation of TLS added to the regular FTP protocol. Often poor, because often only the command channel is encrypted, but not the data! This is of course not very secure.

1 Like