Move to a new Caddy server, what is the best way to re-issue all SSLs?


(Noam) #1

Hi,

  1. We have more than 10K domains with SSL under our servers (with OLD Caddy version).
  2. We now built a new server with the new version of Caddy.
  3. We would like to transfer all domains to the new server.
  4. We need to use the HTP TLS option.
  5. And we know that sometimes it fails on Let's Encrypt's side.

What is the best way to do this, from your knowledge?
(Our existing SSL is from version 1 and we know the new version uses version 2, so we can’t use it.)

Thanks


(Toby Allen) #2

Can you move some at a time or do you have to move them all together?


(Noam) #3

Have to move them all together


(Matt Holt) #4

So, for such a high volume use of Caddy, I’d recommend our support package for situations like this: https://caddyserver.com/products/support - we can help you get transitioned over with minimal or no downtime.

But one question, what do you expect to do for the domains that fail to validate? They’ll need a certificate in order to serve successfully, or you’ll have to disable TLS for them…


(Noam) #5

I don’t know. I would first like to know why a domain can fail. What could the reasons for that be?


(Matt Holt) #6

Lots of reasons. Usually it’s when the domain’s DNS is not properly configured, or there is a firewall blocking external connections, or the DNS provider or server is having a hiccup.

It’s hardly ever an issue on Let’s Encrypt’s side, to be frank. That does happen of course, but it’s quite rare compared to how many validations succeed. And once in a long while we see intermediate networks that happen to be blocking or redirecting traffic between the CA’s endpoints and the subject’s servers, but I’ve only seen that happen myself a couple of times.

The Caddy log output will tell you the reason that the validation failed.

Let me know if you want us to get you set up on our support package!
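
An added example, not part of the original post and not Caddy's own code: a pre-cutover check for the DNS failure cause named above, classifying each domain by whether its records point at the new server. The server IP, domain names and fake DNS table are constructed sample values, and the function names are hypothetical.

```python
import socket

# Constructed sample data: documentation-range IPs and reserved example names.
NEW_SERVER_IPS = {"203.0.113.10"}
FAKE_DNS = {
    "shop.example": {"203.0.113.10"},
    "blog.example": {"198.51.100.7"},                   # still on the old host
    "mixed.example": {"203.0.113.10", "198.51.100.7"},  # split records
}

def resolve(domain):
    """Return the set of A/AAAA addresses for domain (empty set if lookup fails)."""
    try:
        infos = socket.getaddrinfo(domain, 80, proto=socket.IPPROTO_TCP)
    except (socket.gaierror, UnicodeError):
        return set()
    return {info[4][0] for info in infos}

def classify(addresses, server_ips):
    """Map a domain's resolved addresses to a cutover status."""
    if not addresses:
        return "no_dns"      # lookup failed: missing record or DNS provider hiccup
    if addresses <= server_ips:
        return "ready"       # every record points at the new server
    if addresses & server_ips:
        return "split"       # validation may land on a host that is not ours
    return "elsewhere"       # DNS not yet pointed at the new server

def preflight(domains, server_ips, resolver=resolve):
    """Return {domain: status} for each non-empty, normalised domain name."""
    report = {}
    for raw in domains:
        name = raw.strip().lower().rstrip(".")
        if name:
            report[name] = classify(resolver(name), server_ips)
    return report

def summarize(report):
    """Count domains per status so the failing groups can be handled first."""
    counts = {}
    for status in report.values():
        counts[status] = counts.get(status, 0) + 1
    return counts

if __name__ == "__main__":
    sample = ["Shop.example.", "blog.example", "mixed.example", "gone.example", " "]
    result = preflight(sample, NEW_SERVER_IPS, lambda d: FAKE_DNS.get(d, set()))
    for name, status in sorted(result.items()):
        print(f"{name:15} {status}")
    print(summarize(result))
```

This covers only the DNS cause; a firewall blocking external connections has to be tested from outside the network, since a local probe does not see what the CA sees.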


(Noam) #7

Do you mean the “Extended” support package? We already have the BASIC one. Anyway, it will be great to understand what you guys can do and for what price. Feel free to send me that.


(Matt Holt) #8

Great! Since you’re a customer we can offer basic support in private. I sent you a DM to continue supporting you.