
Nginx Insight Guide How to change a site's domain name with HTTPS and Letsencrypt SSL Certificate?

Discussion in 'Centmin Mod Insights' started by eva2000, Sep 25, 2019.

Thread Status:
Not open for further replies.
    To change the domain of a site created with Centmin Mod Nginx, follow the steps below. They assume your site is HTTPS based with a Letsencrypt SSL certificate (which is the norm these days).

    Notes:
    • The example below uses old domain = olddomain.com and new domain = newdomain.com, so replace all occurrences with your specific old and new domain names.
    • To be 100% safe, always back up directories and files before you move, rename or delete them. You'd need to back up the following files & directories:
      • /usr/local/nginx/conf/conf.d/olddomain.com.ssl.conf
      • /usr/local/nginx/conf/ssl/olddomain.com
      • /home/nginx/domains/olddomain.com
    Step 1. Copy your Letsencrypt issued SSL certificate files from old domain name directory to create a copy in new domain name's directory. This directory is set in your domain's Nginx vhost config file at /usr/local/nginx/conf/conf.d/olddomain.com.ssl.conf as path to look for Letsencrypt SSL certificates for HTTPS sites.
    Code (Text):
    cp -a /usr/local/nginx/conf/ssl/olddomain.com /usr/local/nginx/conf/ssl/newdomain.com

    Step 2. Copy your domain's Nginx vhost config file at /usr/local/nginx/conf/conf.d/olddomain.com.ssl.conf and create your new domain's Nginx vhost config file at /usr/local/nginx/conf/conf.d/newdomain.com.ssl.conf
    Code (Text):
    cp -a /usr/local/nginx/conf/conf.d/olddomain.com.ssl.conf /usr/local/nginx/conf/conf.d/newdomain.com.ssl.conf

    Step 3. Modify your newly created Nginx vhost config file at /usr/local/nginx/conf/conf.d/newdomain.com.ssl.conf, replacing all references to olddomain.com with newdomain.com. Pay attention to the domain names listed in server_name, which tell Nginx which domain to detect and serve. You also need to modify all references to olddomain.com in the /usr/local/nginx/conf/ssl/newdomain.com/newdomain.com.crt.key.conf include file. You can use a text editor with a copy & replace all feature or just use command line sed to replace all occurrences.
    Code (Text):
    sed -i 's|olddomain\.com|newdomain.com|g' /usr/local/nginx/conf/conf.d/newdomain.com.ssl.conf
    sed -i 's|olddomain\.com|newdomain.com|g' /usr/local/nginx/conf/ssl/newdomain.com/newdomain.com.crt.key.conf
    

    Step 4. Adjusting your domain's site directory and public web root where files are uploaded and served from. Old domain would have public web root as /home/nginx/domains/olddomain.com/public where site directory is at /home/nginx/domains/olddomain.com.

    If you have enough disk space you can make a copy so that both /home/nginx/domains/olddomain.com and /home/nginx/domains/newdomain.com exist at same time. This way you can still test and access your domain from either olddomain.com or newdomain.com when you have finished these steps.
    Code (Text):
    cp -a /home/nginx/domains/olddomain.com /home/nginx/domains/newdomain.com

    At this stage you should be able to restart Nginx + PHP-FPM to have access to both /home/nginx/domains/olddomain.com and /home/nginx/domains/newdomain.com, provided you have working DNS A records for both olddomain.com and newdomain.com pointing to the server's IPv4 IP address. Access to newdomain.com will, however, show an invalid SSL certificate warning, as the SSL certificates in the copied directory at /usr/local/nginx/conf/ssl/newdomain.com are for olddomain.com for now.
    Code (Text):
    nprestart

    If you don't have enough disk space, then DO NOT restart Nginx + PHP-FPM yet, as it will break your olddomain.com access right now: /home/nginx/domains/olddomain.com would no longer exist after a rename via the mv command below.
    Code (Text):
    mv /home/nginx/domains/olddomain.com /home/nginx/domains/newdomain.com

    Step 5. Now once all is working on newdomain.com, remove the original copied files and directories via rm command if you no longer need access to olddomain.com. If you have enough disk space, it wouldn't hurt keeping them there for a few weeks to make sure your newdomain.com is working as you can reference the old files again if you have issues etc.
    Code (Text):
    cd /usr/local/nginx/conf/ssl/olddomain.com
    rm -f /usr/local/nginx/conf/conf.d/olddomain.com.ssl.conf
    rm -rf /usr/local/nginx/conf/ssl/olddomain.com
    rm -rf /home/nginx/domains/olddomain.com
    

    and then restart both Nginx + PHP-FPM
    Code (Text):
    nprestart

    Step 6. Reissuing Letsencrypt SSL certificate for newdomain.com so it properly populates /root/.acme/newdomain.com directory with settings that Letsencrypt cronjob uses for auto renewal.

    Use the acmetool.sh reissue-only option, which works on existing Nginx HTTPS SSL vhosts whose newdomain.com.ssl.conf vhost config file already exists. It only reissues the Letsencrypt SSL certificate without touching the Nginx vhost. It is ideal when you tried creating an Nginx HTTPS SSL default vhost site but Letsencrypt SSL issuance failed the first time. When it fails, Centmin Mod usually falls back to a self-signed SSL certificate as a placeholder for the domain.com.ssl.conf vhost config. In this case the purpose is to issue Letsencrypt SSL certificates for newdomain.com to overwrite the ones in /usr/local/nginx/conf/ssl/newdomain.com, which were copied from olddomain.com.

    When you run:
    Code (Text):
    cd /usr/local/src/centminmod/addons
    ./acmetool.sh reissue-only newdomain.com live
    

    It will only try reissuing the letsencrypt SSL certificate for the domain = newdomain.com for live production SSL certificate without touching any of the existing nginx vhost at newdomain.com.ssl.conf

    Now you should have moved your domain from olddomain.com to newdomain.com
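
A scripted form of the Step 3 rewrite with a check that no reference to the old domain was missed, as an added example that is not part of the original post or of Centmin Mod. The function names and the optional ROOT prefix (used to run against a throwaway tree) are assumptions; the sample files in demo are constructed.

```shell
#!/bin/sh
# Added example (not Centmin Mod code): rewrite olddomain -> newdomain in the
# two files from Step 3, matching the old domain literally, then count leftovers.
# rewrite_refs, count_refs, demo and the ROOT prefix are hypothetical names.

rewrite_refs() {  # usage: rewrite_refs OLD NEW [ROOT]
  old=$1; new=$2; root=${3:-}
  # Escape dots so "olddomain.com" cannot also match e.g. "olddomain-com".
  old_re=$(printf '%s' "$old" | sed 's/\./\\./g')
  for f in "$root/usr/local/nginx/conf/conf.d/$new.ssl.conf" \
           "$root/usr/local/nginx/conf/ssl/$new/$new.crt.key.conf"; do
    [ -f "$f" ] || { echo "missing: $f" >&2; return 2; }
    sed -i "s|$old_re|$new|g" "$f"
  done
}

count_refs() {  # usage: count_refs OLD NEW [ROOT]; prints lines still naming OLD
  root=${3:-}
  grep -F -- "$1" "$root/usr/local/nginx/conf/conf.d/$2.ssl.conf" \
    "$root/usr/local/nginx/conf/ssl/$2/$2.crt.key.conf" 2>/dev/null \
    | wc -l | tr -d ' '
}

demo() {  # builds a constructed tree in a temp dir; prints "before after kept"
  t=$(mktemp -d); c="usr/local/nginx/conf"
  mkdir -p "$t/$c/conf.d" "$t/$c/ssl/newdomain.com"
  v="$t/$c/conf.d/newdomain.com.ssl.conf"
  # Constructed vhost lines: one hostname line, one look-alike that must stay.
  printf '%s\n' 'server_name olddomain.com www.olddomain.com;' \
    '# olddomain-com cache zone (not a hostname, must stay)' > "$v"
  printf '%s\n' 'include /usr/local/nginx/conf/ssl/olddomain.com/x.conf;' \
    > "$t/$c/ssl/newdomain.com/newdomain.com.crt.key.conf"
  before=$(count_refs olddomain.com newdomain.com "$t")
  rewrite_refs olddomain.com newdomain.com "$t"
  after=$(count_refs olddomain.com newdomain.com "$t")
  kept=$(grep -c 'olddomain-com' "$v")
  rm -rf "$t"
  echo "$before $after $kept"
}
# Run `demo` to try it on the throwaway tree; on a real server call
# rewrite_refs and count_refs with your own domains and no ROOT argument.
```

A non-zero count from count_refs after the rewrite means a server_name or certificate path still points at the old domain and should be fixed before running nprestart.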