
SSL DNS Letsencrypt DNS update and SSL install post server migration

Discussion in 'Domains, DNS, Email & SSL Certificates' started by JJC84, Oct 11, 2019.

  1. JJC84

    JJC84 Premium Member Premium Member

    235
    100
    28
    Jan 31, 2018
    Ratings:
    +156
    Local Time:
    10:53 AM
    1.15.x
    10.1.x
    I spent the better part of the day manually migrating a WordPress site from a Cpanel server which I was not able to obtain Cpanel credentials for. I have migrated it to a fresh CentminMod installation on a DigitalOcean droplet. That was fun!

    I used option 22 but didn't use the SSL because it is a production eCommerce site and I can't afford much if any downtime. Any tips on how to create the necessary files to install an SSL certificate hopefully through Let's Encrypt if possible and switch over the DNS records to point to the new server IP address? I'm sure I can figure it out given enough time on my own but I'm hoping for any time-saving tips if possible. Thanks! Please help lol!
     
  2. avabrooks

    avabrooks New Member

    2
    1
    1
    Oct 11, 2019
    New York, USA
    Ratings:
    +3
    Local Time:
    9:23 PM
    • Informative Informative x 1
  3. JJC84

    @avabrooks Thank you! Thankfully, I lucked out somewhat as the existing server has a floating IP address attached that the existing SSL cert is tied to for its DNS A record. As I have the full site backup from the Cpanel containing the certificate files I should be able to attach that floating IP to new server, move the files into place and update the vhost configuration. At least that sounds like a decent plan but I will see tomorrow morning. I configured /etc/hosts on my machine to hit the site and it is working perfectly so I am keeping my fingers crossed here.

    The site is making sales even though it currently takes 30 seconds to load so I really can't make things much worse. I probably should not say that though...
     
  4. eva2000

    eva2000 Administrator Staff Member

    41,726
    9,396
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +14,432
    Local Time:
    1:53 AM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    If you had set up Centmin Mod Nginx vhosts with self-signed SSL, you could have tried acmetool.sh add reissue-only option for existing nginx HTTPS SSL vhosts with domain.com.ssl.conf vhost config files that exist. This only does reissue of letsencrypt SSL cert without touching the nginx vhost. Ideal for use when you tried creating a Nginx HTTPS SSL default vhost site but letsencrypt SSL issuance failed the first time. When it fails, Centmin Mod usually falls back to self-signed SSL as a placeholder for the domain.com.ssl.conf vhost config. When you run:
    Code (Text):
    cd /usr/local/src/centminmod/addons
    ./acmetool.sh reissue-only domain.com live
    

    It will only try reissuing the letsencrypt SSL certificate for the domain = domain.com for live production SSL certificate without touching any of the existing nginx vhost at domain.com.ssl.conf

    But as you opted to set up Centmin Mod Nginx vhosts without any HTTPS (self-signed), you can just follow method 3 outlined below for existing non-HTTPS nginx vhost sites migration to HTTPS.

    There are generally 3 ways of setting up HTTPS SSL certificate for Centmin Mod Nginx HTTP/2 based HTTPS

    Method 1. The traditional way via centmin.sh menu option 2, 22 but ensuring you set LETSENCRYPT_DETECT='y' in persistent config file created at /etc/centminmod/custom_config.inc before you run centmin.sh menu option 2 or 22 for wordpress. You can do that using the command below - you only need to do this step once and every subsequent run of centmin.sh menu option 2 or 22 will have letsencrypt ssl certificate support enabled
    Code (Text):
    # enable letsencrypt ssl certificate integration https://centminmod.com/acmetool/
    touch /etc/centminmod/custom_config.inc
    echo "LETSENCRYPT_DETECT='y'" >> /etc/centminmod/custom_config.inc
    


    Method 2. Using and testing Centmin Mod 123.09beta01's new addons/acmetool.sh addon which is still in beta testing only for integrating Letsencrypt SSL certificates. And has both auto and manual methods.

    Method 3. Fully manual method for free Letsencrypt SSL certificates.
     
  5. JJC84

    Thank you! I figured manual was the way to go and I have done that before a few times. But what about the floating IP on the existing droplet with the existing paid certificate? I can't just attach that to the new droplet and copy over the certificate files?
     
  6. eva2000

    Tricky situation. If you have cpanel SSL certs, you can just use those on your modified Centmin Mod Nginx temporarily until you change DNS over on domain. Or use Centmin Mod acmetool.sh's DNS method of validating Letsencrypt domain issuance (see "Letsencrypt - Official acmetool.sh testing thread for Centmin Mod 123.09beta01"), though it only works with Cloudflare DNS right now; example here.

    But the easiest way I can see is to use Cloudflare for the domain; then Cloudflare can provide the HTTPS/SSL cert on the front end and you can set Cloudflare SSL to Flexible SSL while you have the Centmin Mod non-HTTPS Nginx vhost, and change Cloudflare SSL to Full SSL once you have internally changed the Centmin Mod non-HTTPS Nginx vhost to an HTTPS based Nginx vhost. That way visitors are uninterrupted as they only see the Cloudflare HTTPS/SSL cert.
     
    • Informative Informative x 1
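
An added example, not part of the thread or of Centmin Mod: before pointing nginx at certificate files copied from the old cPanel server, as discussed above, these checks confirm that the key matches the certificate, that the certificate covers the domain, and that it is not about to expire. The function names and the 14-day threshold are assumptions; only standard openssl subcommands are used.

```bash
#!/usr/bin/env bash
# Added example: pre-cutover checks for a cert/key pair copied from the old server.
# Function names are hypothetical; only standard openssl subcommands are used.

# 0 if the private key belongs to the certificate (RSA or EC): compare public keys.
cert_matches_key() {
  local c k
  c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
  [ -n "$c" ] && [ "$c" = "$k" ]
}

# 0 if the certificate is valid for hostname $2 (SAN, or CN when no SAN exists).
cert_covers_host() {
  openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
    grep -q "does match certificate"
}

# 0 if the certificate is still valid $2 days from now.
cert_valid_for() {
  openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Run all three checks; print each failure and return non-zero if any failed.
precutover_check() {
  local cert=$1 key=$2 host=$3 rc=0
  cert_matches_key "$cert" "$key" || { echo "FAIL: key does not match cert"; rc=1; }
  cert_covers_host "$cert" "$host" || { echo "FAIL: cert does not cover $host"; rc=1; }
  cert_valid_for "$cert" 14 || { echo "FAIL: cert expires within 14 days"; rc=1; }
  return "$rc"
}

# SHA-256 fingerprint of the cert the new server (IP $1) presents for host $2,
# reached by IP with SNI so public DNS is not involved. Compare it with
# `openssl x509 -in site.crt -noout -fingerprint -sha256` after nginx is reloaded.
served_fingerprint() {
  openssl s_client -connect "$1:443" -servername "$2" </dev/null 2>/dev/null |
    openssl x509 -noout -fingerprint -sha256
}

# Constructed sample input: throwaway self-signed pair $1/$2.crt and $1/$2.key.
make_test_pair() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$2" \
    -keyout "$1/$2.key" -out "$1/$2.crt" >/dev/null 2>&1
}

# Usage: ./precutover.sh /path/site.crt /path/site.key domain.com
if [ "$#" -eq 3 ]; then precutover_check "$@" && echo "OK: all checks passed"; fi
```
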
  7. JJC84

    Thank you, the last post is the exact information that I was looking for. I don't want the site to have any downtime if possible so I was apprehensive to make any changes to the DNS until I could get a concrete plan sorted.
     
  8. JJC84

    The site has been successfully migrated and is now loading in about 2.5 seconds total down from about 30 seconds. Now to implement full SSL and make a few tweaks to really get it flying.
     
    • Like Like x 1
  9. eva2000

    very nice speed improvement :cool:(y)