Answer the question
In order to leave comments, you need to log in
How to make an SSL certificate for a server that does not yet use a domain?
Hey!
Situation:
There is a production server with a working website. And there is a new server on which a new version of the site has been created and it will be used for production.
The new server does not have a domain because it will use the same domain as the production server.
Both servers use nginx and Ubuntu.
Task:
You need to connect an SSL certificate on a new server using Certbot (Let's Encrypt) so that it is automatically updated every 3 months.
Problem:
To connect a certificate through Certbot, you need the site domain to point to the IP of the server on which the certificate is currently being configured. But at the moment the domain redirects to the old server. And changing the IP in the A-records (in DNS) of domains is not an option, because then you will have to wait half a day or a day for the DNS to be updated and only after that configure the certificate. It turns out that the site (for some users) may be unavailable or work without https during the day.
Question:
How to solve this problem and "seamlessly" redirect the domain to a new server with an activated certificate?
Can be for this purpose to use some temporary domain?
Or maybe you can just transfer the certificate files from one server to another? But then which files (inside/etc/letsencrypt
there are many of them in different folders)? And as a result of such copying, will auto-update work every 3 months?
Thank you in advance!
Answer the question
In order to leave comments, you need to log in
What is the problem with writing this? Stupidly you combine phrases separated by commas and that's it.
copy the certificate (files that are registered in the corresponding nginx config directives) from the working server before transferring and add it to the nginx directives on the new server
, after transferring and changing A-records, install certbot normally with certificate auto-
renewal do not fence the bike and rake
This will be the fastest way to one-time transfer of one server.
UPD: to avoid conflicts, place files from a working server with a key and a certificate to a new one not in /etc/letsencrypt, but, for example, in /etc/nginx/ssl, otherwise certbot will go nuts, why slipped it
you copy the certificates from the production, put them in and the local certbot will skip them because they are valid and will not reissue them.
But when the site moves, he will re-release them.
Actually everything will be seamless.
I would use Cloudflare. Connect your domain to it, if necessary, the server IP address changes in one click, instantly - without having to wait a day. They put their own SSL certificate and keep it up to date, you don’t need to do anything, certbot is not needed. They have a free basic plan, use it.
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question