How to change web servers when website uses Cloudflare Universal SSL certificate

I’m switching hosting providers, and I want to know if I can just simply switch the DNS to the new server while using the Cloudflare Universal SSL certificate.

The current server uses Let’s Encrypt, but the site is being proxied by Cloudflare, and the site is now on the Cloudflare Universal SSL certificate. The new server, since it’s not live, doesn’t have a certificate, but seeing that Cloudflare is using a Universal SSL certificate, I need to know if simply changing the Cloudflare DNS settings to point to the new server will keep the Universal SSL certificate. Or do I need to generate a new Let’s Encrypt certificate first?

The new server needs a valid SSL certificate first.

Simply copying the Let’s Encrypt certificate from the old server might be the easiest until you’ve set up Let’s Encrypt on the new server.

1 Like

Thanks for the reply.
I’m currently switching systems from no panel to CWP.
I’ve been talking with the hosting provider, and they keep saying that they can’t just copy the certificates.
They say I have to turn on Development Mode in Cloudflare, wait a “few seconds,” and then try to run the CWP plugin to get a new Let’s Encrypt certificate, but I don’t know if this will work like this.

Can I issue another certificate even though the domain already has another Let’s Encrypt certificate?
What will happen to the Universal SSL certificate if I switch the Cloudflare DNS to the new server without a certificate?
Do I have to turn on Development Mode before changing the DNS for the new server?
How long do I actually have to wait before running the plugin to get a new certificate?
If the server gets a new Let’s Encrypt SSL, will this cause the Universal SSL certificate to be invalid because the server had another Let’s Encrypt certificate?

CWP should allow you to install a certificate manually, see https://www.ssldragon.com/how-to/install-ssl-certificate/cwp/ (start at step 2).

If you want, you can change your DNS records to your new server and run the Let’s Encrypt plugin (I don’t see why development mode would be necessary) to gain a new certificate. But during that period, your server will be insecure and probably not work correctly.

If you want a seamless transition, install your old certificate manually before you make the switch.

Thanks again for the help, because I’m already super stressed out because of this.

Let me ask you. In the old server, letsencrypt/live I found these files: cert.pem, chain.pem, fullchain.pem, and privkey.pem

I am assuming the contents of the cert.pem goes into the “Certificate” section.
The privkey.pem goes into the “Private key” section.
But what do I enter into the “Certificate Authority”, because I have two files left: chain.pem and fullchain.pem?

That is the chain.

If you look at the files, you should see that fullchain just contains the contents of both the cert and the chain, as some programs want both in one file.
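The file-to-field mapping discussed above can be checked before pasting anything into the panel. This is an added example, not part of the original thread or of CWP or Certbot; the function names are hypothetical and the sample PEM blocks are constructed placeholders, not real certificates.

```python
import base64
import re
import ssl

PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)

def pem_blocks(text):
    """Return [(label, der_bytes), ...] for every PEM block in text."""
    return [(label, base64.b64decode("".join(body.split())))
            for label, body in PEM_BLOCK.findall(text)]

def check_bundle(cert, chain, fullchain, privkey):
    """Return a list of problems; an empty list means the files are consistent."""
    c, ch, fc, k = (pem_blocks(t) for t in (cert, chain, fullchain, privkey))
    problems = []
    if len(c) != 1 or c[0][0] != "CERTIFICATE":      # goes in "Certificate"
        problems.append("cert.pem must hold exactly one CERTIFICATE block")
    if not ch or any(label != "CERTIFICATE" for label, _ in ch):  # "Certificate Authority"
        problems.append("chain.pem must hold only CERTIFICATE blocks")
    if len(k) != 1 or not k[0][0].endswith("PRIVATE KEY"):        # "Private key"
        problems.append("privkey.pem must hold exactly one private key")
    if fc != c + ch:  # compare decoded bytes, so whitespace differences are ignored
        problems.append("fullchain.pem is not cert.pem followed by chain.pem")
    return problems

def key_matches_cert(cert_path, key_path):
    """True if the key on disk belongs to the certificate (needs real files)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    try:
        ctx.load_cert_chain(cert_path, key_path)  # SSLError on key mismatch
        return True
    except ssl.SSLError:
        return False

def fake_pem(label, payload):
    # Constructed placeholder: arbitrary bytes in PEM armour, not a real cert.
    b64 = base64.encodebytes(payload).decode()
    return f"-----BEGIN {label}-----\n{b64}-----END {label}-----\n"

LEAF = fake_pem("CERTIFICATE", b"leaf-placeholder")
INTERMEDIATE = fake_pem("CERTIFICATE", b"intermediate-placeholder")
KEY = fake_pem("PRIVATE KEY", b"key-placeholder")

if __name__ == "__main__":
    print(check_bundle(LEAF, INTERMEDIATE, LEAF + INTERMEDIATE, KEY))
    print(check_bundle(LEAF, INTERMEDIATE, INTERMEDIATE + LEAF, KEY))
```

On the real files, read each one with `open(path).read()` for `check_bundle`, and pass the paths of `fullchain.pem` and `privkey.pem` to `key_matches_cert` on the new server after copying.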

I’m going to try that.
I’m wondering why the technical support didn’t offer me that option.

1 Like

It appears that it’s working. Thank you. @Laudian, I love you so much right now.
Now, the AutoSSL from CWP generates and renews free Let’s Encrypt certificates. After I’ve installed the certificate manually, will it renew when it is about to expire?

I suspect that the hosting support makes that recommendation because certain Cloudflare settings can interfere with ACME HTTP-01 challenges and Development Mode will bypass them if present.

2 Likes

If this is the case, does it mean I will have to turn on Development Mode once every 90 days for the renewal to happen? Thanks,

That’s not something that I can answer with the information available, although if you were successfully using an ACME HTTP-01 challenge on your previous server, odds are that it should continue working on the new server with no changes. I suggest that you monitor the next renewal to find out.

One last question. I was able to install the certificate on the server, so now it’s a matter of changing the server IP in the DNS settings of Cloudflare to make the change, right?

You got it!

1 Like