[LINUX] I tried to reuse the SSL certificate issued by Let's Encrypt due to the server transfer

Premise

This time I had the opportunity to move from Server A (hereafter, old server) to Server B (hereafter, new server). I wanted to take the SSL certificate used on the old server to the new server and use it as it is, so I tried it with reference to the following. If you follow the procedure below, SSL will not be canceled even for a moment, and I think it is possible to transfer the server safely and securely.

https://blog.fileshelfplus.com/vps/280

environment

procedure

First, ssh login to the old server (Basically, the certificate issued by ** Let's Encrypt ** is in `/ etc/letsencrypt /`.) letsencryptCompress the entire directory.

Old server


$ zip -ry letsencrypt.zip /etc/letsencrypt
#Or
$ tar zcvf letsencrypt.tar.gz /etc/letsencrypt

After restoring the compressed file to the new server, log in to ssh.

Follow the Let ’s Encrypt User Guide to install the Certbot client.

New server


$ sudo yum -y install epel-release
$ sudo yum -y install certbot
$ sudo curl https://dl.eff.org/certbot-auto -o /usr/bin/certbot-auto
$ sudo chmod 700 /usr/bin/certbot-auto

Next, decompress the restored compressed file. The decompression location is `` `/ etc```.

New server


$ zip -ry letsencrypt.zip /etc/letsencrypt
#Or
$ tar zcvf letsencrypt.tar.gz /etc/letsencrypt

Change domain IP association

If you can do it so far, replace the domain. Change the A record, TXT record, and name server according to the procedures of various server companies. This time, I referred to the following.

https://qiita.com/sugra511/items/3b05423d4adeeec5cdd4

Finally, update the certificate and update the web server.

New server


$ certbot-auto renew
$ systemctl restart httpd
#The following is a cron that automatically updates at 4 am on the first day of every month
# certbot-Renew certificate with auto and restart apache
# [webroot]Don't forget to set

$ crontab -e
00 04 01 * * certbot-auto renew --force-renew --webroot-path /var/www/html/[webroot] --post-hook "systemctl reload httpd"

Recommended Posts

I tried to reuse the SSL certificate issued by Let's Encrypt due to the server transfer
The story of switching from WoSign to Let's Encrypt for a free SSL certificate
I tried to output the access log to the server using Node.js
I tried to visualize the Beverage Preference Dataset by tensor decomposition.
I tried to summarize the commands used by beginner engineers today
I tried to predict by letting RNN learn the sine wave
I tried to solve the shift scheduling problem by various methods
I tried to move the ball
I tried to estimate the interval.
I tried moving the image to the specified folder by right-clicking and left-clicking
I tried to communicate with a remote server by Socket communication with Python.
I tried to find the optimal path of the dreamland by (quantum) annealing
I tried to verify and analyze the acceleration of Python by Cython
I tried to summarize the Linux commands used by beginner engineers today-Part 1-
I tried to solve the inverted pendulum problem (Cart Pole) by Q-learning.
I tried to verify the result of A / B test by chi-square test
I tried to analyze the New Year's card by myself using python
I tried the asynchronous server of Django 3.0
I tried to summarize the umask command
I tried to recognize the wake word
I tried to estimate the pi stochastically
I tried to touch the COTOHA API
I tried to predict the presence or absence of snow by machine learning.
I tried to predict the change in snowfall for 2 years by machine learning
I tried to rescue the data of the laptop by booting it on Ubuntu
I tried to pass the G test and E qualification by training from 50
I tried to program bubble sort by language
I tried web scraping to analyze the lyrics.
I tried to optimize while drying the laundry
I tried to get an image by scraping
I tried to save the data with discord
I tried to touch the API of ebay
I tried to correct the keystone of the image
I tried using the Datetime module by Python
Qiita Job I tried to analyze the job offer
[Python] I will upload the FTP to the FTP server.
LeetCode I tried to summarize the simple ones
I tried to classify dragon ball by adaline
I tried to implement the traveling salesman problem
I tried to predict the price of ETF
I tried to vectorize the lyrics of Hinatazaka46!
[Introduction] I tried to implement it by myself while explaining the binary search tree.
[Introduction] I tried to implement it by myself while explaining to understand the binary tree
I tried to learn the sin function with chainer
I tried to graph the packages installed in Python
I tried to summarize the basic form of GPLVM
I tried to touch the CSV file with Python
I tried to predict the J-League match (data analysis)
I tried to solve the soma cube with python
I tried to approximate the sin function using chainer
I tried to put pytest into the actual battle
I tried to visualize the spacha information of VTuber
I tried to erase the negative part of Meros
I tried to solve the problem with Python Vol.1
I tried to simulate the dollar cost averaging method
Script to get the expiration date of the SSL certificate
I tried increasing or decreasing the number by programming
I tried to redo the non-negative matrix factorization (NMF)
I tried to identify the language using CNN + Melspectogram
I tried to notify the honeypot report on LINE
I tried to complement the knowledge graph using OpenKE