Transferring a website to another server


#1

Hi,

I’m transferring a website to another server. The issue is, that the current server serves a number of websites, and it seems that the certificate installed there is applied to a number of domain names. Is there any way to reissue the certificate on the new server for the specific domain only (not breaking the certificate for other domains that will remain on the current server) and BEFORE updating its DNS records?

Thanks!

Please fill out the fields below so we can help you better.

My domain is: example-domain.com

I ran this command: letsencrypt --apache -d example-domain.com -d www.example-domain.com

It produced this output:
Failed authorization procedure. www.example-domain.com (tls-sni-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect validation certificate for TLS-SNI-01 challenge. Requested 69031aa800db9f1f70e70139fe69c579.eb42ba3eb95c245bbed7bc5c0d5b79ac.acme.invalid from 123.123.123.123:443. Received 1 certificate(s), first certificate had names “other-domain.com”, example-domain.com (tls-sni-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect validation certificate for TLS-SNI-01 challenge. Requested ccdb9dc6e057b678e270fa09a7548f58.724d9a7b9f3d379dd7a736cb004c0c57.acme.invalid from 123.123.123.123:443. Received 1 certificate(s), first certificate had names “other-domain.com

My operating system is (include version): Ubuntu 16.04

My web server is (include version): Apache 2.4.18

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no


#2

You can obtain a certificate on the new server using certbot (letsencrypt) in manual mode.

letsencrypt certonly --manual -d example-domain.com -d www.example-domain.com

Run this command on the new server, but when it asks you to create a file, create this file on the existing server.

You’ll have to update the renewal configuration later, because manual mode doesn’t work with letsencrypt renew. If you’re not familiar with the configuration syntax, you can do that by running letsencrypt --apache ... again on the new server, after you update the DNS records.

On the existing server, although your certificate will still be valid for the other domains, it will fail to renew after that one domain is pointed away from the server. So after updating the DNS, you’ll want to obtain a new certificate covering the reduced set of domains, and stop renewing the old certificate. I’m not sure of the easiest way to do that with the old version of letsencrypt packaged in Ubuntu 16.04 - I guess you would have to obtain the new certificate by directly listing the remaining domains, possibly using --duplicate if it complains, then remove the renewal configuration file for the old certificate from /etc/letsencrypt/renewal/. With newer versions you can just run certbot renew --allow-subset-of-names.


#3

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.