Alexey Segodin, 2021-04-14 14:18:26

How to make an SSL certificate for a server that does not yet use a domain?

Hey!

Situation:
There is a production server with a working website. And there is a new server on which a new version of the site has been created and it will be used for production.
The new server does not have a domain because it will use the same domain as the production server.
Both servers use nginx and Ubuntu.

Task:
You need to connect an SSL certificate on a new server using Certbot (Let's Encrypt) so that it is automatically updated every 3 months.

Problem:
To connect a certificate through Certbot, you need the site domain to point to the IP of the server on which the certificate is currently being configured. But at the moment the domain redirects to the old server. And changing the IP in the A-records (in DNS) of domains is not an option, because then you will have to wait half a day or a day for the DNS to be updated and only after that configure the certificate. It turns out that the site (for some users) may be unavailable or work without https during the day.

Question:
How to solve this problem and "seamlessly" redirect the domain to a new server with an activated certificate?
Is it possible to use some temporary domain for this purpose?
Or maybe you can just transfer the certificate files from one server to another? But then which files (inside /etc/letsencrypt there are many of them in different folders)? And after such copying, will auto-renewal work every 3 months?


Thank you in advance!


4 answer(s)
Mikhail Vasilyev, 2018-07-02
@mickvav

What is the problem with writing this? You simply combine phrases separated by commas and that's it.

Denis Yuriev, 2021-04-14
@Aleksei_Segodin

Copy the certificate (the files that are referenced in the corresponding nginx config directives) from the working server before the move and add it to the nginx directives on the new server. After the move and the change of the A-records, install certbot normally with certificate auto-renewal. Do not reinvent the wheel.
This will be the fastest way to do a one-time move of one server.
UPD: to avoid conflicts, place the key and certificate files from the working server on the new one not in /etc/letsencrypt but, for example, in /etc/nginx/ssl; otherwise certbot will go nuts over why they were slipped to it.
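
The copy step from the answer above, as an added example (not part of the original answer and not certbot's own tooling): it reads the `ssl_certificate` and `ssl_certificate_key` paths out of an nginx config, copies the real files behind certbot's `live/` symlinks into a staging directory with owner-only permissions, and prints the config rewritten for `/etc/nginx/ssl`. The function names and the optional `<fs_root>` prefix are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: stage the TLS files an nginx config references before a server move.
# /etc/nginx/ssl is the directory suggested in the answer; function names are hypothetical.
set -eu

# Print "<source path> <relative name>" for every ssl_certificate and
# ssl_certificate_key directive. The relative name keeps the parent directory
# (the domain under certbot's live/), so two domains' fullchain.pem do not collide.
tls_map() {  # usage: tls_map <nginx.conf>
    awk '$1 == "ssl_certificate" || $1 == "ssl_certificate_key" {
             p = $2; sub(/;.*$/, "", p); n = split(p, part, "/")
             print p, part[n-1] "/" part[n] }' "$1" | sort -u
}

# Copy the referenced files into <stage_dir>. cp -L follows symlinks: certbot's
# live/<domain>/*.pem are links into archive/ and would arrive dangling otherwise.
# <fs_root> is an optional prefix (empty on a real server, a temp dir in tests).
stage_tls_files() (  # usage: stage_tls_files <nginx.conf> <stage_dir> [<fs_root>]
    umask 077        # the private key must not be group- or world-readable
    tls_map "$1" | while read -r src rel; do
        mkdir -p "$2/$(dirname "$rel")"
        cp -L "${3:-}$src" "$2/$rel"
    done
)

# Print the config with both directives pointed at <new_dir>/<relative name>.
# Commented-out directives and all other lines pass through unchanged.
rewrite_conf() {  # usage: rewrite_conf <nginx.conf> <new_dir>
    awk -v dest="$2" '$1 == "ssl_certificate" || $1 == "ssl_certificate_key" {
             p = $2; sub(/;.*$/, "", p); n = split(p, part, "/")
             i = index($0, p)
             $0 = substr($0, 1, i - 1) dest "/" part[n-1] "/" part[n] substr($0, i + length(p)) }
         { print }' "$1"
}
```

Run `stage_tls_files` on the old server, transfer the staging directory over SSH to `/etc/nginx/ssl` on the new one, and check the rewritten config with `nginx -t` before reloading.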

Viktor Taran, 2021-04-14
@shambler81

You copy the certificates from production, put them in place, and the local certbot will skip them because they are valid and will not reissue them.
But when the site moves, it will reissue them.
Actually, everything will be seamless.

Nadim Zakirov, 2021-04-14
@zkrvndm

I would use Cloudflare. Connect your domain to it; if necessary, the server IP address changes in one click, instantly, without having to wait a day. They put their own SSL certificate in place and keep it up to date; you don't need to do anything, and certbot is not needed. They have a free basic plan, use it.
