Manual account migration involves copying website content, databases, mails and more.
However, users often confuse on moving the SSL certificate, especially when the server has expensive wildcard SSL setup.
A slight mistake while trying to move SSL certificate to another Apache server can make your website insecure.
That’s why, at Bobcares, we often get SSL certificate migration requests from our customers as part of our Server Migration Services.
Today, we’ll see how our Migration Experts move the certificate to another apache server and fix the related errors.
When we need to move SSL certificate
An SSL certificate is really powerful in making the communication secure. And, this has a major role when your website deals with critical information like credit card data.
With modern hosting technologies, SSL certificates often has to be used on various servers. Particularly, when the website utilizes load balancing to distribute the site load across multiple servers.
In addition, after the server migration, installing a new SSL certificate on the server is very expensive. Then, it becomes a cost effective option to transfer the SSL certificate from the older Apache server to new Apache server. Similarly, manual migration of cPanel accounts also require moving SSL certificates.
Certificates like Comodo SSL certificates can be installed for unlimited number of physical servers.
How we move SSL certificate between the Apache servers
Now, let’s see how our Migration Engineers move SSL certificate between the Apache servers.
1. Initially, we connect to the server as root user and open the Apache configuration file at /etc/apache2/httpd.conf or /etc/httpd/conf/httpd.conf. Then, we find the SSL certificate, private key, and any intermediate certificates for the domain.
For that, we locate the < Virtualhost > section for the domain, where SSL was set up initially. It may be either in httpd.conf or in ssl.conf. Also, the location may differ based on the Apache configuration.
We use the below command to find the exact location.
find / -type f -name '*\.conf' -exec grep -il "SSLCertificateFile" {} \;
For example, the results would look as:
SSLCertificateFile /usr/local/ssl/crt/public.crt
SSLCertificateKeyFile /usr/local/ssl/private/private.key
SSLCertificateChainFile /usr/local/ssl/crt/intermediate.crt
2. Then, we copy those files to the new server using scp command as root user.
3. We edit the Apache configuration file to use the new files on the new server. We always make sure to backup the Apache configuration prior to any edits.
4. Finally, we save the Apache configuration file, do a syntax check and restart Apache using the commands below.
apachectl -t
systemctl restart httpd
Again, when the source server is cPanel, the transfer of SSL files can be done from WHM too. For this, we go to WHM >> SSL/TLS section >> SSL Storage Manager and copy the relevant domain’s SSL files.
How we fixed common errors when moving SSL certificates
From our experience in managing servers, we’ve seen customers facing problems while moving SSL certificates between cPanel Apache servers.
Here, let’s take a closer look at how our Migration Engineers fix the certificate copying problems.
1. Mismatch in files
Recently, one of our customers contacted us with a problem after moving SSL certificates to another server. He was getting an error as follows.
"Unable to configure RSA server private key" and "certificate routines:X509_check_private_key:key values mismatch" Errors
This error means that private key loaded in the VirtualHost section of the .conf file didn’t match the SSL Certificate loaded in the same section.
Therefore, our Migration Engineers had to find the .key file matching the .crt file and update the VirtualHost configuration accordingly.
Sometimes, we solve the issue by creating a new CSR from the existing private key file. For that, we use the following command.
openssl req -new -key your_domain_com.key -out your_domain_com.csr
2. Missing mod_ssl module
Often, customers may face error after moving SSL certificate to another server due to missing modules too. It may be due to the absence of some module like mod_ssl on the destination server. Apache needs this module to generate SSL connections.
In such cases, to the fix the error, our Migration Engineers install mod_ssl.
Again, the steps differ depending on the type of server. To enable this module on CentOS, we run the following command.
yum install mod_ssl
[Having trouble while moving SSL certificates between Apache servers? We’ll fix it for you.]
Conclusion
In short, when a customer needs to switch server, it is possible to move SSL certificate to another server Apache. Today, we saw how our Migration Experts move SSL certificate to another server Apache and fix related errors.
0 Comments