an oddity with LE - actually two of them...

so... if I want to delete the existing sites how to I switch to certbot? I assume thats what you are suggesting?
and I would have to redo all the system certs as well. i assume we cant mix the two?
also - can I switch from amavisd to rspamd on centos? is that simple? or painful? or Something To Be Avoided?
oh - of course you were right - the mx record had just not percolated to outlook yet . mail flows now.
the two CNAMEs godaddy gave explictly did NOT put a '.' after autodiscover etc. so I did not either!

 

and does debian use acme? or can it be convinced to use certbot? and is acme in any way better? worth the change?

 

ok so if I take the plunge and your debian autoinstaller - it installs postfix, rspamd, redis, LE (certbot??) etc etc? all magically?
I've taken to installing google authenticator on my servers now. you can never be too careful!
I guess I might consider nginx as well if I'm going whole-hog. but I do have honest-to-got cgi programs I run. I see there may be workarounds. but is current apache that much worse if you have gobs of memory?
Inquiring minds etc etc!

 

ok bog DAM you Till. I wiped rocky 8 and did a debian 12 install. That HURT!
autoinstaller all seemed good playing with it.
I noticed though that the debian 11 instructions for installing google-authenticator do not yield joy . it was easy to install under redhat/centos, but it does not seem to play nice with debian 12.
I found debian 11 instructions, followed them but they dont work. One of the lines ChallengeResponseAuthentication was missing from sshd_config added it, did other things, but could not log in at all. glad I had another ssh session active at the same time so I could undo it!
apart from that. pretty dam nice
almost ready to use the migtool. now, I forgot to force certbot to be used. but have no websites up. so whats our instructions for converting to certbot?
or can I use the autoinstaller to correct this?
then after using migtool, I plan on retiring ns10 in favor of ns11 (now debian 12 AAAARRRGGGH gnaashing of teeth ). so I need to so a mysql update to change all the ips from the ns10 server to the ns11 server.
thats that syntax? phpmyadmin seems running fine.
Then I have to manually tell the registrars that nameservers are now ns11 and ns4 instead of ns10 and ns4 on all my hundreds of websites.
Or may be I pull a switcheroo and rename ns11 to ns10 then I just need to change all the ips? is that a better tack?
then all I have to do is change the hostname def on godaddy of ns10 from ns10-ip to ns11-newip.
I could not do that while ns10 was still live on the network (LE would find the old server), but is there a clean way to do this?
what do you think?

 

first tiny contribution - in Debian 12 (as opposed to 11) the parameter
ChallengeResponseAuthentication no longer exists it is now:
KbdInteractiveAuthentication yes instead. then 2fa works as expected