Join the community today
Register Now

SSL migrate let's encrypt certificate

Discussion in 'Domains, DNS, Email & SSL Certificates' started by Kintaro, Oct 16, 2018.

  1. Kintaro

    Kintaro Member

    60
    3
    8
    Dec 2, 2016
    Ratings:
    +14
    Local Time:
    12:20 AM
    1.9.10
    MariaDB 10
    I'm trying centminmod.

    Actually I only have a nanolinode and I'm testing a domain migration.

    I have domain.com live on a OVH VPS with a valid let's encrypt ssl certificate.

    what steps I have to do to migrate it to centminmod without messing with ssl?

    1. migrate data
    2. migrate db
    3. change DNS
    4. reissuing certificate
      or it's better to migrate ssl certificate too?
    reading this:
    https://community.letsencrypt.org/t/moving-working-existing-https-site-to-new-server/45950/4

    I understand that I can overlap ssl certificates without issue... is it right?
     
  2. eva2000

    eva2000 Administrator Staff Member

    39,199
    8,654
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +13,307
    Local Time:
    8:20 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    No need to migrate letsencrypt ssl certificates issued by non-centmin mod server setups. Just issue a new letsencrypt ssl certificate via method 3 new nginx vhost https/ssl method outlined at https://centminmod.com/letsencrypt-acmetool-https.html. You have multiple valid letsencrypt SSL certificates for period up to 90 day expiry for same domain if the domain's DNS is updated to point to the server IP at time of issuance. Just the old server will fail letsencrypt renewal since the domain DNS now points to new server's IP so auto renewal will happen on new Centmin Mod server you are moving to.

    There's generally 3 ways of setting up HTTPS SSL certificate for Centmin Mod Nginx HTTP/2 based HTTPS

    Method 1. The traditional way via centmin.sh menu option 2, 22 and selecting yes to self-signed ssl certificates first. Then converting the self-signed ssl certificate to paid or free (Letsencrypt) web browser trusted SSL certificates outlined at How to switch self-signed SSL certificate to paid SSL certificate ? You would still need to follow the same steps outlined at Nginx SPDY SSL Configuration for obtaining and purchasing the paid SSL certificate and most important part is the concatenation of the SSL provider provided filesto create the mentioned /usr/local/nginx/conf/ssl/domaincom/ssl-unified.crt and /usr/local/nginx/conf/ssl/domaincom/ssl-trusted.crtfiles referenced in your Nginx SSL vhost config file.

    You may need to also decide if you want to enable HTTP to HTTPS redirect outlined at How to force redirect from HTTP:// to HTTPS:// ?

    If you didn't answer yes at time of initial nginx vhost creation to self-signed ssl certificates, you can manually setup the self-signed ssl certificate via the vhost generator by checking self-signed ssl box and enter a domain name. This will outline instructions for manually creating and setting up self-signed ssl certificate and nginx vhost settings. Then for web browser trusted ssl certificates you switch follow - How to switch self-signed SSL certificate to paid SSL certificate ?.

    Method 2. Using and testing Centmin Mod 123.09beta01's new addons/acmetool.sh addon which is still in beta testing only for integrating Letsencrypt SSL certificates. And has both auto and manual methods.

    Method 3. Fully manual method for free Letsencrypt SSL certificates.
    Note:
    • For wordpress auto installer, you actually need a read method 2 to enable LETSENCRYPT_DETECT='y' then run centmin.sh menu option 22 which will detect letsencrypt support and display the additional letsencrypt prompts required to issue free letsencrypt ssl certificates for wordpress auto installer
    For moving site data there's 2 general guides where the principles & steps of backing up and moving data is the same just slightly different for
    1. Moving Centmin Mod site data to another Centmin Mod server
    2. Moving cPanel/WHM site data to Centmin Mod server
    Those guides move alot more than just the site(s) in question but config files etc. You can use your own best judgement as to the config files and whether you want to move them or just use the fresh server setup Centmin Mod config files as they get auto optimised for the server Centmin Mod initially installed on. If your site on OVH isn't centmin mod or cpanel/whm based, then those guides won't be 100% applicable, but the general overview of what needs moving and where everything is structured in Centmin Mod LEMP environment is worth reading up on.
     
..