Transfering SSL/Lets Encrypte site to new server

Discussion in 'Installation/Configuration' started by Thomas CARTER, Aug 6, 2018.

Tags:
  1. Thomas CARTER

    Thomas CARTER New Member

    Hi all,
    I have an site with SSL/Lets Encrypte installed and working correctly on an existing ISPConfig server. I want to transfer the site to a new server also with ISPConfig+Lets Enrypt installed. I am concerned that the fact that a certificate exists set up for one machine will block the creation of a new certificate on the new machine. My current plan is to :
    1) 1 day before, reduce the domaine name TTL to 300
    2) Create the site on the new server with the same domaine name, but without checking SSL and Lets Encrypt boxes
    3) Transfer all the FTP files and Mysql database
    4) Point the domaine name to the new server
    5) Await propagation
    6) Check SSL and Lets Encrypt boxes
    7) Check Rewrite HTTP to HTTPS box

    Is there anything else I should be aware of ?

    - Linux Distribution and version : ubuntu 0.16.04.1
    - ISPConfig Version: 3.1dev
     
    Thomas CARTER, Aug 6, 2018
    #1
  2. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    That should work fine. I've seen mention of a problem when checking both ssl and let's encrypt boxes at the same time, so you might make that 2 steps; I've never had a problem with it myself.
     
    Jesse Norell, Aug 6, 2018
    #2
  3. ustoopia

    ustoopia Member

    Seems to me that you are over-thinking this. Whenever I migrate to a new server I make sure everything on the new server is setup exactly as the old one. Except for the ssl & let's encrypt options. When I do the actual migration I shutdown the old server and start enabling ssl & let's encrypt on the new server for every site. The certificates are created perfectly. I've done this several times now, without any issues.
     
    ustoopia, Aug 7, 2018
    #3
    ahrasis likes this.
  4. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    I agree with @ustoopia . The important step is 5), since you can not have the LE certificates created on the new host until the name service points to the new host. And it must be on the name server LE project uses, so it takes time and I do not know how to check when those name servers get updated with the new info. But reducing TTL like you do in 1) should make it faster.
     
    Taleman, Aug 7, 2018
    #4
  5. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    Basically you are transfering only one site to a new ISPConfig server from the current one, so I think you can temporarily copy its current LE SSL certs and link them in the /var/www/domain.tld/ssl/ folder, that is if you want to immediately use them for your site in the new server.

    Extra Note: ISPConfig is currently using webroot method to issue new / renew LE SSL certs, so you need to check whether your website domain.tld is pointing to your new web server before you request new certs for it. Dig your website domain.tld to make sure it has the right ip address before you make the request. By the way, it won't renew your current certs since its server account will be different.
     
    ahrasis, Aug 7, 2018
    #5

Share This Page