This time I had the opportunity to move from Server A (hereafter, old server) to Server B (hereafter, new server). I wanted to take the SSL certificate used on the old server to the new server and use it as it is, so I tried it with reference to the following. If you follow the procedure below, SSL will not be canceled even for a moment, and I think it is possible to transfer the server safely and securely.
https://blog.fileshelfplus.com/vps/280
First, ssh login to the old server
(Basically, the certificate issued by ** Let's Encrypt ** is in `/ etc/letsencrypt /`.)
letsencryptCompress the entire directory.
Old server
$ zip -ry letsencrypt.zip /etc/letsencrypt
#Or
$ tar zcvf letsencrypt.tar.gz /etc/letsencrypt
After restoring the compressed file to the new server, log in to ssh.
Follow the Let ’s Encrypt User Guide to install the Certbot client.
New server
$ sudo yum -y install epel-release
$ sudo yum -y install certbot
$ sudo curl https://dl.eff.org/certbot-auto -o /usr/bin/certbot-auto
$ sudo chmod 700 /usr/bin/certbot-auto
Next, decompress the restored compressed file. The decompression location is `` `/ etc```.
New server
$ zip -ry letsencrypt.zip /etc/letsencrypt
#Or
$ tar zcvf letsencrypt.tar.gz /etc/letsencrypt
If you can do it so far, replace the domain. Change the A record, TXT record, and name server according to the procedures of various server companies. This time, I referred to the following.
https://qiita.com/sugra511/items/3b05423d4adeeec5cdd4
Finally, update the certificate and update the web server.
New server
$ certbot-auto renew
$ systemctl restart httpd
cron.#The following is a cron that automatically updates at 4 am on the first day of every month
# certbot-Renew certificate with auto and restart apache
# [webroot]Don't forget to set
$ crontab -e
00 04 01 * * certbot-auto renew --force-renew --webroot-path /var/www/html/[webroot] --post-hook "systemctl reload httpd"
Recommended Posts