Is there a better way to do this than just setting up the site with a self signed certificate, doing the DNS change, then once it’s pointing to the new server run LetsEncrypt?
This method works, but can leave a window of users getting errors with the self signed certificate.
I think there is a DNS way, but guessing that would have to be done outside of the plugin in NodeWorx?
Any other ways I’m not seeing?
Doing some more research, is there a way to use acmePHP on command line to generate a manual certificate for this situation, then once it’s up do it through the plugin so it auto updates?
It’s probably “easiest” to just copy/install the old cert on the new server. They will still work on the new server even if DNS isn’t pointed there yet. Once generated, a Let’s Encrypt cert is just like any other cert.
We don’t provide that functionality directly in InterWorx because doing so creates an obligation that a lot of users may not be aware of. Migrating the certs does not “reconstruct” the configuration in AcmePHP and since AcmePHP is unaware of the certs without this configuration, they are no longer auto-renewed. It follows that if we migrated the certs people would experience seemingly random cert expiration at some unknown time between the day they moved the account and up to 90 days later, if they did not manually regenerate the cert themselves in that period.
As long as you are aware that you’ll need to manually regenerate the certs for each domain just after switching the DNS over, I don’t see any reason you couldn’t just copy the cert from the old server to the new server.
This is moving a site from another host to me and I’m not sure I could get access to the certificate and private key through their other system. Right now I’m working with just WordPress access which is enough for me to copy the site.
I understand there is no GUI option (although, with warnings I think that would be a useful feature), but is there a way for me to access acmePHP from shell on my server? Create a certificate manually and then copy and paste it into the SSL GUI for SiteWorx? Just as if I bought the certificate from another 3rd party (nothing to do with LetsEncrypt plugin).
Ah, sorry, I misunderstood. I thought you were speaking of InterWorx to InterWorx migrations.
The AcmePHP phar file is found in ~iworx/lib/acmephp/acmephp.phar. You should be able to run it from that location. There is nothing stopping you from grabbing a separate copy from the AcmePHP release page itself or another tool like acme.sh for this either. If you go with AcmePHP, please note that the documentation on the AcmePHP homepage is still showing info for v1 and we use v2. At the moment, v2 has no documentation. Since we don’t provide the ability to do DNS challenges, it’s not something we’ve ever looked into. Unfortunately, because of this, I do not know what arguments/options you may need for a DNS challenge nor what the workflow would look like.
Unless you’re really adept at reading PHP, it may be best to go with something with a little more documentation. I’ve heard good things about acme.sh (GitHub - acmesh-official/acme.sh: A pure Unix shell script implementing ACME client protocol). I’ve never used it though.
Awesome, thanks for all the info Brandon. I’ll check it all out and report back here if I figure anything out just in case someone else needs to do this.