Updating domain name for SSL certificate in Sync endpoint server

My current sync endpoint server is hosted on Digital Ocean. I have created another droplet using a snapshot of the current server so that I can associate it with a different domain and use it for a different project. But since the letsencrypt SSL is configured for the original server, can anyone suggest how I can change the domain name and get a new SSL for this domain? Thanks.

Rerun the interactive setup script:

python3 init-odkx-sync-endpoint.py

Thanks Waylon. Running the setup script will also ask for a custom LDAP password. Since I have already set up the custom password, would saying 'No' reset the password or will it keep the current password?

Hi Mandy,

While I haven't tested this exact scenario, I think you should log in to the container running 'certbot' with an interactive shell to issue a certificate for the new domain. Then that new certificate's *.pem files should be placed in the volume shared with the nginx container... So if you replace YOUR_EMAIL_ADDRESS and THE_NEW_DOMAIN with the real values in the statements below, I believe it should work.

The first line starts an interactive shell on the certbot container.
The second line runs certbot to generate the new certificates, and
the third line copies the new certificates into the folder configured in nginx.

docker exec -it $(docker ps -aqf "name=certbot") /bin/sh
certbot certonly --webroot -w /var/www/certbot --email YOUR_EMAIL_ADDRESS -d THE_NEW_DOMAIN --rsa-key-size 4096 --agree-tos --cert-name renewal-staging --keep-until-expiring --non-interactive
cp /etc/letsencrypt/live/renewal-staging/*.pem /etc/letsencrypt/live/production

If that works, then we need to also make sure the automatic renewals use the correct domain name going forward, which is defined in the configuration of the certbot container - specifically in the file located at config/https.env under your odk-x folder.

If you edit that file to reflect the new domain name and then restart the certbot container, I think it should use the updated values... (you probably want to check the logs from the certbot container, to make sure that it worked as expected).

//emil
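
A check that could be run after the copy step in the post above, to confirm that the files in the production folder belong to the new domain and not to the certificate inherited from the snapshot. This is an added example, not part of the original posts or of the ODK-X project; it assumes OpenSSL 1.1.1 or later is available wherever the certificate volume is readable, and the function names and example.org domains are made up for illustration.

```shell
#!/bin/sh
# Added example: function names and example.org domains are hypothetical.
# Assumes OpenSSL 1.1.1+ (for "x509 -ext" and "req -addext").

# cert_covers_domain PEM DOMAIN [MIN_DAYS]
# Succeeds only if PEM lists DOMAIN as a DNS subjectAltName (exact match,
# wildcards are not expanded) and stays valid for MIN_DAYS more days.
cert_covers_domain() {
    pem=$1; domain=$2; min_days=${3:-7}
    [ -r "$pem" ] || { echo "cannot read $pem" >&2; return 2; }
    # Turn "DNS:a, DNS:b" into one bare name per line.
    sans=$(openssl x509 -in "$pem" -noout -ext subjectAltName 2>/dev/null |
        tr ',' '\n' | sed -n 's/^[[:space:]]*DNS://p')
    if ! printf '%s\n' "$sans" | grep -Fxq -- "$domain"; then
        echo "$pem is for [$(echo $sans)], not $domain" >&2; return 1
    fi
    if ! openssl x509 -in "$pem" -noout -checkend $((min_days * 86400)) >/dev/null; then
        echo "$pem expires within $min_days days" >&2; return 1
    fi
}

# key_matches_cert CERT_PEM KEY_PEM
# Succeeds only if the private key belongs to the certificate, which catches
# a copy that replaced some of the *.pem files but not all of them.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# make_sample_cert DIR DOMAIN DAYS
# Constructed test input: a throwaway self-signed certificate and key using
# certbot's file names (fullchain.pem, privkey.pem).
make_sample_cert() {
    mkdir -p "$1" && openssl req -x509 -newkey rsa:2048 -nodes \
        -keyout "$1/privkey.pem" -out "$1/fullchain.pem" -days "$3" \
        -subj "/CN=$2" -addext "subjectAltName=DNS:$2" 2>/dev/null
}

# Typical use against the folder from the post:
#   live=/etc/letsencrypt/live/production
#   cert_covers_domain "$live/fullchain.pem" THE_NEW_DOMAIN &&
#       key_matches_cert "$live/fullchain.pem" "$live/privkey.pem"
```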

If you re-run the script you can simply say no on a custom LDAP password and I believe it will leave the old settings in place.

Thank you, Emil and Waylon! I tried running by saying no to a custom LDAP password and it ended up updating a whole lot of things and also gave many errors (which I unfortunately did not take note of), but everything except SSL worked even after all those errors. But the good news is that in a couple of days, it automatically got the SSL working! Thanks to you both for your help!