I’m in the middle of migrating my old VPS to the new one and now I’m in the most crucial step.
Domain X sits in VPS1 and I want to request a Let’s Encrypt certificate for VPS2. I defined domain X also in VPS2 but in my registrar it is still pointing to VPS1.
I don’t want to ruin VPS1 and I wonder if requesting a certificate in the above situation will work and won’t cause any contradictions.
Has anyone been in this situation and can share his experience?
I’m now in the crucial point of this step and I don’t want to ruin VPS1, it is production. Thanks.
My only worry is to have any kind of contradiction with VPS1 that is a live production. Will Let’s Encrypt issue a certificate to VPS2->domain.com with no problem?
As Let’s Encrypt verifies using DNS and file writing, my guess is a request for a cert for VPS2 would fail on DNS (it would point to the wrong domain and therefore be unable to write its test file).
Why would you need to do this? When you switch the domain to the new machine and it resolves correctly, it takes 30 seconds to get a new cert. Just do it in a low-traffic period.
The thing is, changing the A record to the new VPS takes its time as well and it’s not final until it gets steady (with previous such changes, I got to the old/new server periodically until it resolved only to the new one).
Another method I read was to copy the letsencrypt folder as a whole to VPS2. Will that work in the scenario I mentioned?
There are 2 challenges, do you know the challenge Virtualmin is working with? If it’s DNS, then it won’t work as you mentioned. I can press the button and see what happens but I’m afraid it will ruin what I have now.
#1 When you change the A Record you can usually change the TTL (Time To Live) to 300 (seconds) which is five minutes and usually means that the migration is complete in 10 mins or so.
#2 You are overthinking this. The site need not be down for long and if it is down for a few hours in the middle of the night, so what? It is only once.
#3 I just explained why you cannot get a working certificate for VPS2 until the domain resolves to it.
TTL changes also need to propagate out just like any other DNS change. Thus changing a TTL from 1 week to 1 day means it could take a full week before everyone knows it has a 1-day TTL.
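The TTL timing raised in the replies above, worked through as an added example that is not part of the original thread: it computes the latest moment a caching resolver can still hand out the VPS1 address, and from that the earliest A-record switch that gets the short window. The dates are constructed sample values, the function names are hypothetical, and the model assumes resolvers honour TTLs exactly.

```python
from datetime import datetime, timedelta

WEEK = timedelta(weeks=1)          # old TTL, as in the last reply's example
FIVE_MIN = timedelta(seconds=300)  # lowered TTL, as suggested in reply #1


def last_stale_answer(ttl_lowered_at, a_changed_at, old_ttl, new_ttl):
    """Latest moment a caching resolver may still return the VPS1 address.

    Assumption: each resolver caches an answer for exactly the TTL that
    was published at the moment it fetched the record.
    """
    if ttl_lowered_at is None or a_changed_at < ttl_lowered_at:
        # The TTL was not lowered before the switch, so a resolver that
        # fetched just before the switch keeps VPS1 for the full old TTL.
        return a_changed_at + old_ttl
    # Two worst cases: a resolver that fetched just before the TTL was
    # lowered (holds VPS1 for old_ttl), and one that fetched just before
    # the A record changed (holds VPS1 for new_ttl).
    return max(ttl_lowered_at + old_ttl, a_changed_at + new_ttl)


def plan_cutover(ttl_lowered_at, old_ttl, new_ttl):
    """Earliest switch time at which every cache already uses new_ttl."""
    switch_at = ttl_lowered_at + old_ttl
    settled_at = last_stale_answer(ttl_lowered_at, switch_at, old_ttl, new_ttl)
    return {
        "switch_a_record": switch_at,
        # Conservative: from here on no resolver should still see VPS1,
        # so an HTTP-based validation request will reach VPS2.
        "request_cert_on_vps2": settled_at,
    }


if __name__ == "__main__":
    lowered = datetime(2024, 1, 1)  # constructed sample date
    plan = plan_cutover(lowered, WEEK, FIVE_MIN)
    print("switch A record at :", plan["switch_a_record"])
    print("all caches on VPS2 :", plan["request_cert_on_vps2"])
    # Switching ten minutes after lowering the TTL does not help:
    early = last_stale_answer(lowered, lowered + timedelta(minutes=10),
                              WEEK, FIVE_MIN)
    print("early switch, stale until:", early)
```
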