Request certificate for domain X that sits on another VPS

Hi

I’m in the middle of migrating my old VPS to the new one and now I’m in the most crucial step :slight_smile:

Domain X sits in VPS1 and I want to request letsencrypt certificate for VPS2. I defined domain X also in VPS2 but in my registrar it is still pointing to VPS1.

I don’t want to ruin VPS1 and I wonder if requesting a certificate in the above situation will work and won’t cause any contradictions.

Thanks

Has anyone been in this situation and can share his experience?
I’m now in the crucial point of this step and I don’t want to ruin VPS1, it is production. Thanks.

A bit more information.

VPS1 including virtual server for domain.com with letsencrypt certificate and registrar pointing to it - alive and working.

VPS2 including virtual server for domain.com. While VPS1 is live, I want to request a certificate for domain.com and www.domain.com.

My only worry is to have any kind of contradiction with VPS1 that is live production. Will letsencrypt issue a certificate to VPS2->domain.com with no problem?

I’m using virtualmin to issue the certificate

As Letsencrypt verifies using DNS and file writing, my guess is a request for a cert for VPS2 would fail on DNS (it would point to the wrong domain and therefore be unable to write its test file).
Why would you need to do this? When you switch the domain to the new machine and it resolves correctly, it takes 30 seconds to get a new cert. Just do it in a low-traffic period.

The thing is, changing A RECORD to the new VPS takes its time as well and it’s not final until it gets steady (with previous such changes, I got to the old/new server periodically until it resolved only to the new one).

Another method I read was to copy letsencrypt folder as a whole to VPS2. Will that work in the scenario I mentioned?

There are 2 challenges, do you know the challenge virtualmin is working with? If it’s DNS, then it won’t work as you mentioned. I can press the button and see what happens but I’m afraid it will ruin what I have now.

#1 When you change the A Record you can usually change the TTL (Time To Live) to 300 (seconds) which is five minutes and usually means that the migration is complete in 10 mins or so.

#2 You are overthinking this. The site need not be down for long and if it is down for a few hours in the middle of the night, so what? It is only once.

#3 I just explained why you cannot get a working certificate for VPS2 until the domain resolves to it.

You are right about me overthinking it, it happens when I need to do something delicate like this and I don’t know the effect of it :slight_smile:

I hope changing A RECORD and certificate request will be processed fast. Thanks!

Remember to put the TTL setting back to 3600/whatever when you are finished. This is the caching time for the DNS.

Thanks for the tip: what do you consider as “finished”? Once I see it directing to the new vps on my computer?

Maybe do it a couple of days after, in case you need to reverse the whole thing.

Well, that needs to propagate by itself :slight_smile:

TTL changes also need to propagate out just like any other DNS change. Thus changing a TTL from 1 week to 1 day means it could take a full week before everyone knows it has a 1 day TTL.

I give up. Try what I said and it will work.
Bye.

No need to give up, I will do what you said. I appreciate your help very much!
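
The cutover timing and the "does the name resolve to the new server yet" check discussed in this thread, as an added Python example that is not from any of the posters. It assumes the HTTP (file-based) challenge; the function names, addresses (documentation ranges) and dates are constructed for illustration, and `resolve` only shows the local resolver's view.

```python
import ipaddress
import socket
from datetime import datetime, timedelta


def resolve(name):
    """A/AAAA addresses the local resolver currently returns for name."""
    infos = socket.getaddrinfo(name, 80, proto=socket.IPPROTO_TCP)
    return {info[4][0] for info in infos}


def http01_ready(resolved, server_ips):
    """True only if every resolved address belongs to the new server.

    A leftover AAAA or second A record still aimed at the old machine can
    receive the validation request, so a partial match counts as not ready.
    """
    resolved = {ipaddress.ip_address(a) for a in resolved}
    server_ips = {ipaddress.ip_address(a) for a in server_ips}
    return bool(resolved) and resolved <= server_ips


def caches_clear_at(ttl_lowered_at, record_switched_at, old_ttl, new_ttl):
    """Latest moment a resolver may still hand out the old address.

    A cache filled just before the TTL was lowered keeps the record for
    old_ttl seconds; one filled just before the switch keeps it for new_ttl.
    """
    return max(ttl_lowered_at + timedelta(seconds=old_ttl),
               record_switched_at + timedelta(seconds=new_ttl))


def names_ready(names, server_ips, resolver=resolve):
    """Map each name to whether it resolves only to the new server."""
    ready = {}
    for name in names:
        try:
            ready[name] = http01_ready(resolver(name), server_ips)
        except OSError:  # lookup failed (socket.gaierror is an OSError)
            ready[name] = False
    return ready


if __name__ == "__main__":
    # Constructed sample data (documentation address ranges), no live lookups.
    dns = {"domain.com": {"203.0.113.20"},
           "www.domain.com": {"203.0.113.20", "2001:db8::10"}}
    print(names_ready(dns, ["203.0.113.20"], resolver=dns.__getitem__))
    lowered = datetime(2024, 1, 1, 12, 0)
    print(caches_clear_at(lowered, lowered + timedelta(minutes=10), 3600, 300))
```

With the sample data, `www.domain.com` is reported as not ready because of the extra AAAA record, and switching the A record only ten minutes after lowering a 3600-second TTL leaves stale answers possible until 13:00.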