After installing MIAB and activating LetsEncrypt successfully I discovered I had installed it on the wrong server. The process provided SSL’s for my domains eg., box.example.com, example.com and www.example.com.
What are my options on moving MIAB to a different server and different IP with a larger capacity without compromising the box.example.com SSL from LetsEncrypt. I also need to host the example.com and www.example.com domains independently on another server and need guidance on how to move the domains SSL’s without compromising the certificates already issued by LetsEncrypt .
Any guidance appreciated…
Lets Encrypt will produce a new ssl cert for your new machines.
Simply install MIAB on the new, larger machine, point the relevant name servers to it, setup www.example.com and example.com in the dns admin panel on box.example.com and you should be good to go.
You’ll need to figure out how to setup ssl on example.com and www.example.com, but that’s where the standard, https://certbot.eff.org/ instructions apply.
Certificates are associated with domain names, not individual servers or IP addresses. LetsEncrypt will happily give you another certificate for a different server with the same domain name.
From that info I also gather destroying the existing VPS without having to copy keys or files will not have any negative effect when recreating the SSL through LetsEncrypt again. Thanks very much for the feedback. Really good news too.I wonder how I could have prevented MIAB from creating SSL’s for the naked domain and www version in the first place.
Lets Encrypt is pretty awesome that way.
MIAB automatically creates SSL certificates for all domains that it provides both a nameserver AND hosts directly. If you set the domain to be hosted elsewhere via the admin interface, MIAB won’t generate an SSL cert for that domain. (Because it can’t!)
Can you share some insight into how I can delete a already installed comercial certificate, and have Lets Encrypt install a new one ?
I have 4 certificates where the 3 of them is Lets Encrypt certs, so they work on those FQDN’s
Thanks in advance.
I’m not quite sure how to go about doing that, but my hunch is that you should move the old certificates elsewhere and then try to request a certificate with the UI.
Report back on your success!