We need to move on web shop from other server to our server. This site do not use Lets Encrypt
So the problem is. When I modify DNS to go from old server ip to our server IP. And old server has https sertificates which are not Lets Encrypt so if I copy them to our server, does it works I think not. Or can I create new https sertificates when the old one is still active. I do not know the step order.
So first step I modify server DNS to use our ip. And after that I make new https sertificate to our server via Lets Encrypt. Is that right way to do it? Or how shoud I do it? I have copy all the code to our server and test it. So the problem is only these https sertificates and how to do the change right order so that everything works.
Why not? If you migrate the certificate and private key, why wouldn't that work if the hostname of your website stays the same?
You could get one using the dns-01 challenge if the DNS has not been switched yet. That way you don't need an A/AAAA RR pointing to the new server yet.
3 Likes
Ok so I just copy the certificates same place where letsencrypt certificates are. And when the server change is over. I just run new certificates to test that it all works like it should. Do I understand right your advice?
If you're switching from a different CA to Let's Encrypt, I'd recommend putting the cert and private key from the previous server in a separate location on the new server. So you can get started "fresh" when you'll get a Let's Encrypt cert once the previous cert is expiring soon (start 30 days before expiry is usually the recommendation).
4 Likes
"If you're switching from a different CA to Let's Encrypt, I'd recommend putting the cert and private key from the previous server in a separate location on the new server. So you can get started "fresh" when you'll get a Let's Encrypt cert once the previous cert is expiring soon (start 30 days before expiry is usually the recommendation)." Thank you I that way.
1 Like
Depending on the implementation there might be details we haven't discussed, but that would be the general approach if it were me. YMMV of course 
2 Likes
Hello!
I just found out it uses lets Encrypt. So the first step is to know where is the WordPress WooCommerce system https lets Encypt certificate location? So I can just copy those files to our server right places.
That sounds complicated.. 
I don't have any experience with that stuff.
If you're also intending to implement WooCommerce on your new server, simply copying it might not be enough.
In the future, you might want to mention this kind of important stuff from the start.
3 Likes
No I do not implementing WooCommerce at all or Wordpress. I have done new site without WooCommerce and Wordpress that looks almost same and works same way that the oldewr which done via Wordpress and WooCommerce system. So I just need to know where is the lets Encrypt https certificates file location.
I think it should be easy, that https certificate is the older WooCommerce system from Lets Encrypt and new system it will be Lets Encrypt which out server uses. Domain: which I need to transfer to our server is paketit.com Does this any help? So I just thought I copy the current certificates from WooCommerce Wordpress system to our server. Or must I done something else. I do not know where is the location those certificate files are.
If you can find them.
Copying the cert and private key is just step one, you obviously also need to install those certificates into the webserver of the new server.
1 Like
Install so you mean write *.conf files to the sites-available and make them enabled via command "sudo a2ensite xxx.conf "
Only place where I found certificates might be are root/certs/... so
there are files name
/certs/ssl.11976.cacert
/certs/ssl.11976.cert
/certs/ssl.11976.key
But I wonder where are *.pem files? or is WordPress system completely different from our Ubuntu 18.04 system which the certificates are /etc/letsencrypt/archive/... and name extension is *.pem.
Well, and make sure the contents of those .conf files are actually correctly configured. I.e., the paths to the certificate/chain and private key are correct. Not just blindly copy them.
Beats me. Maybe some other volunteer knows more about WooCommerce Wordpress stuff.
Extensions don't matter that much on *nix systems.
1 Like
So the basic question is. If I switch server from WooCommerce WordPress system to our sever which I have coded without those Wordpress system. And just after switch is done and active about 24 hours. Then after 24 hours from switch I create new https certificates from our server does this works. So there is max 24 hours that our site does not work properly.
Without migrating the certificate from the old to the new server?
Why would you wait 24 hours to get a new certificate? Once the DNS has propogated, you can get a new certificate. Although admittedly some DNS providers can be rather slow. I don't know how fast "Cloudcity" is.
Also, as mentioned earlier, you can get a certificate on your new server even before the DNS transition using the dns-01 challenge manually. After the switch, you could get a renewal using the http-01 challenge. Ideally wait for 6 months so you'd also use the manual cert, but that would mean you would have to put a reminder in your agenda to manaually change the challange from manual dns-01 to automated http-01. Alternatively you can set up the automated http-01 challenge after the DNS transition is completed.
1 Like
Thank you all. I just change DNS to point our server and after that I make new https certificates to our server. And it should be ok!
1 Like
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.