Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others


0 votes
700 views
in Technique[技术] by (71.8m points)

migration - Migrating servers: 2 Let's Encrypt SSL certificates for the same domain name on 2 different servers

I'm migrating servers, moving my sites from VPS A to VPS B. I use Let's Encrypt for all of my 10 websites' SSL certificates. Before I start this migration process I need to know issues that I might be running into.

I have used win-acme to create certificates for ALL of my 10 websites on VPS A. I want to test migrating 1 site, let's call this site X, to VPS B first. Then after I copied all data for site X from VPS A to VPS B, I want to generate the SSL certificate and change my DNS settings so site X no longer points to VPS A, but to VPS B.

My question is: when I run win-acme on VPS B and generate a new SSL certificate for site X, can I have 2 SSL certificates for the same domain name that were generated for 2 different servers? Or will Let's Encrypt invalidate one of them?

Hopefully my question is clear, any context/further info is highly appreciated!

Already checked here and here.

question from:https://stackoverflow.com/questions/65927175/migrating-servers-2-lets-encrypt-ssl-certificates-for-the-same-domainname-on-2


1 Answer

0 votes
by (71.8m points)

Let's Encrypt uses the ACME protocol; the default verification method is based on the server being able to respond to a specific HTTP request (which is only possible if the IP matches).

It is, however, possible to use DNS certification; win-acme has a plugin to do DNS verification. I have no experience with win-acme, but with certbot, DNS verification is automated for some DNS providers and requires manual steps for other DNS providers.

With DNS verification it's possible that you have a certificate for a domain on multiple servers. With the regular verification it isn't possible.

