Moving to a new VPS

I will need to move to a new virtual server to host my sites (34 entries in acme-v01.api.letsencrypt.org/sites) with Caddy. I am just wondering, is it sufficient to just move the acme-v01.api.letsencrypt.org folder (and the Caddy binary) over to the new host?

Thanks,
Peter

Hi @pepa65,

Your question reminded me of a similar one a while back. To quote myself from then:

The other information in that post might also be pertinent to you, particularly the part that transferring the certificates might not be necessary. As long as, of course, no single registered domain makes up more than 20 of your 34 sites - in which case, absolutely copy it over, or you’ll run into Let's Encrypt rate limits instantly (see: Rate Limits - Let's Encrypt).

Couldn’t hurt, but I don’t believe the format for storing certificates has changed at all recently, so the latest binary should be good to go.

2 Likes

That’s all correct. Just move the .caddy folder over. Make sure the permissions and location are correct.

(It reminds me that the format for storing certificates might change when ACMEv2 is released, but it’s not yet known if the transition will be transparent or not.)

2 Likes
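An added example, not part of any post in this thread: a check to run on the new VPS after copying the folder, covering the two points raised above (more than 20 sites under one registered domain, and permissions on the copied files). It assumes private keys are stored as `*.key` files and that a registered domain is the last two labels of a site name; the function names are illustrative.

```python
import os
import stat
from collections import Counter

CERT_LIMIT = 20  # per-registered-domain threshold quoted in the thread


def registered_domain(site):
    # Assumption: last two labels. Wrong for suffixes such as co.uk;
    # use a Public Suffix List lookup if you host names under those.
    return ".".join(site.lower().rstrip(".").split(".")[-2:])


def over_limit(caddy_dir, limit=CERT_LIMIT):
    """Registered domains with more than `limit` entries in any sites/ folder."""
    counts = Counter()
    for dirpath, dirs, _files in os.walk(caddy_dir):
        if os.path.basename(dirpath) == "sites":
            counts.update(registered_domain(d) for d in dirs)
    return {dom: n for dom, n in counts.items() if n > limit}


def key_problems(caddy_dir, uid):
    """Key files that group/others can access, or that `uid` does not own."""
    problems = []
    for dirpath, _dirs, files in os.walk(caddy_dir):
        for name in files:
            if not name.endswith(".key"):  # assumed private-key naming
                continue
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            mode = stat.S_IMODE(st.st_mode)
            if mode & 0o077:
                problems.append((path, f"mode {oct(mode)}"))
            if st.st_uid != uid:
                problems.append((path, f"owner uid {st.st_uid}"))
    return sorted(problems)


if __name__ == "__main__":
    import sys
    caddy_dir = sys.argv[1]  # path to the copied .caddy folder
    for dom, n in over_limit(caddy_dir).items():
        print(f"{dom}: {n} sites, keep the copied certificates")
    # Run as the account Caddy runs under so the owner check is meaningful.
    for path, why in key_problems(caddy_dir, os.getuid()):
        print(f"{path}: {why}")
```

Copying with a tool that preserves modes and ownership (for example `rsync -a` over SSH) avoids most of what the second check reports.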

I was thinking to just start Caddy up on the new VPS and when the DNS starts resolving to the new host, it will all be working. But probably Let's Encrypt will not be happy to authenticate the same sites on different servers, right? You can’t have both servers connecting to Let's Encrypt at the same time…?

What is the recommended way to handle such transitions?

Maybe just don’t switch over the DNS all at once for all domains?

1 Like

What @eva2000 said - staggering your transitions over time - is great advice, or alternately, DNS validation is pretty useful for having multiple Caddies with the same certificates. That would let you have your new VPS fully set up and ready to go before you pull the trigger on pointing the domain names to the new server.

I guess the elegant way would be using a proxy server for a smooth handover. In my case I think I’ll change the DNS, shut the old server down, start the new one up.

Check out the “If you require absolutely zero downtime” section of the thread I quoted earlier. It’s about as elegant a method as I think can be done for this purpose.

2 Likes

You mean to prove the domain ownership by adding a specific TXT record in the DNS zone of the target domain? So wait until the DNS resolves and then add the TXT record in order for Let's Encrypt to not bail out??

EDIT: Actually the proxy method in the post you referred to in your first reply sounds perfect!

You can do the TXT validation method regardless of where the A records are pointed; that’s probably the strongest draw to DNS validation. So, you could keep your old VPS where it is, and have all the domains pointed to it; meanwhile, your new VPS uses DNS validation to get all its certificates ready; then you swap your A records over whenever you like.

In the proxy method I posted, you can either copy the .caddy folder across, OR use DNS validation to fill in brand new certificates - both are completely non-intrusive ways of completing that step.

1 Like
