Expiring Today—Celebrate National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

How to ensure a smooth transition to Let's Encrypt SSL Cert?

Posted on 2016-10-02
2
Medium Priority
?
136 Views
Last Modified: 2016-10-03
Hello!

I've got LAMP running on Ubuntu 14.04 and almost a year ago I installed SSL (TLS 1.2) certificate for my web server, so my site would only run under HTTPS protocol. On October 8 the certificate expires. And from now on I want to install and use Let's Encrypt. They have pretty good tutorials on how to use Let's Encrypt, so (hopefully) I won't have any issues with it. But I don't know what to do now. Must I wait till after my old cert expires? Or should I go ahead and proceed with Let's Encrypt installation ASAP? If the latter, then another question arises. How to get rid of the old cert? I mean, it's probably NOT a good idea to use two of them side by side. In short, too many things I don't understand.
0
Comment
Question by:papa kota
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 8

Accepted Solution

by:
Jason earned 2000 total points
ID: 41825711
I would start now. Familiarize your self with the whole process then try and make the switch. If something goes wrong you can put things back while you figure it out, because your current certificate is still good.

If you wait until your current certificate expires, then you run into problems setting up lets encrypt for the first time. You will have an extended period of people getting browser warnings while you try and figure out the problem.
0
 

Author Comment

by:papa kota
ID: 41825718
So what's the correct order of things? First, to delete the old files? I placed .crt and root_bundle.crt files in /etc/ssl/certs directory and a .key file in /etc/ssl/private directory. Other than physically deleting those files, do I have to run any specific command in the terminal or something? And then to install Let's Encrypt?
New cert from what I understood shouldn't be put like a file, it's somehow automatically works. Not the way it was with the old one...
Also in a file /etc/apache2/sites-available/000-default.conf there're 3 references to my old cert's files:

SSLCertificateFile /etc/ssl/certs/my_domain.com.crt
SSLCertificateKeyFile /etc/ssl/private/my_domain.com.key
SSLCertificateChainFile /etc/ssl/certs/root_bundle.crt

So what to do with those links? To comment out them? Or update with a new files that would be created by Let's Encrypt etc.?
0

Featured Post

Introducing the WatchGuard 420 Access Point

WatchGuard's newest access point includes an 802.11ac Wave 2 chipset, providing the fastest speeds for VoIP, video and music streaming, and large data file transfers. Additionally, enjoy the benefits of strong security as the 3rd radio delivers dedicated WIPS protection!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction As you’re probably aware the HTTP protocol offers basic / weak authentication, which in combination with the relevant configuration on your web server, provides the ability to password protect all or part of your host.  If you were not…
If you've heard about htaccess and it sounds like it does what you want, but you're not sure how it works... well, you're in the right place. Read on. Some Basics #1. It's a file and its filename is .htaccess (yes, with a dot in the front). #…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …
This tutorial will teach you the special effect of super speed similar to the fictional character Wally West aka "The Flash" After Shake : http://www.videocopilot.net/presets/after_shake/ All lightning effects with instructions : http://www.mediaf…

719 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question