1. Home
  2. How To
  3. Install Guides
  4. Snapt Aria Migration Guide: LetsEncrypt v1 to LetsEncrypt v2
  1. Home
  2. How To
  3. Snapt Aria Migration Guide: LetsEncrypt v1 to LetsEncrypt v2

Snapt Aria Migration Guide: LetsEncrypt v1 to LetsEncrypt v2

According to best practices, it is highly advisable to backup or snapshot your Snapt One appliance VM. It is also recommended to take and download a backup of your Snapt ADC config. This can be done at Utilities -> Snapt Backup. Please install the Snapt One Backup plugin if not already installed.

The Snapt One LetsEncrypt version 2 plugin provides an automated migration functionality to migrate from a previous version. The following steps will assist with migrating from a previous Snapt One LetsEncrypt plugin as well as with getting up and running with the Snapt One LetsEncrypt version 2 plugin.

  1. Under Setup -> Modules & Plugins, Add plugins tab then ‘Misc’ sub-tab. Install Lets Encrypt v2.
  2. Visit the LetsEncrypt 2 config page (Setup -> LetsEncrypt 2 -> Config). If the previous plugin version is installed, you will be prompted to choose whether you want to import your domain list and LetsEncrypt configuration from the previous plugin version.

  1. PRECAUTION:
    1. Before proceeding, please take a backup or snapshot of your VM, if applicable, otherwise please use the Snapt One Backup plugin as described in the introductory section above. In addition, please note:
    2. Unless auto-renewal was enabled in the previous Snapt One Lets Encrypt plugin, in which case that configuration setting is migrated over to the new version, SSL certificates already obtained will remain in place and can be viewed at Setup -> SSL -> SSL Certificates. If the auto-renewal functionality is enabled, per its usual operation, it automatically obtains new certificates and syncs them to the Snapt One framework’s SSL certificate location overriding any pre-existing certificates for the domains configured in the LetsEncrypt plugin. See step (8) for more information regarding auto-renewal and its implication for migration.
  2. Following the above, and having read step 3 above, on the Setup -> LetsEncrypt 2 -> Config page, click on the migrate button.
  3. When the migration process is complete, you will be notified as to how many domains were imported from the previous Snapt One LetsEncrypt plugin. This process automatically disables the Snapt One LetsEncrypt version 1 plugin.
    1. The number of domains migrated from the previous version of the Snapt One Lets Encrypt plugin that already existed under the Snapt One Lets Encrypt version 2 plugin domain list will also be reported.

  1. In the case that the migration process needs to be reversed, due to the highly unlikely case of a partial import or if the migration was accidentally initiated, the Config page (Setup -> LetsEncrypt 2 -> Config) of the Snapt One Lets Encrypt version 2 plugin provides a button to do this. 

    1. This restores your Snapt One LetsEncrypt version 2 plugin domain list to its state before the Snapt One LetsEncrypt version 1 plugin domain list import was done. If the auto-renewal is disabled, SSL certificates already obtained will remain in place and can be viewed at Setup -> SSL -> SSL Certificates. Please note that this does not re-enable the Snapt One LetsEncrypt version 1 plugin. This can be done manually by installing Snapt One Lets Encrypt plugin under Setup -> Modules & Plugins, Add plugins tab then ‘Misc’ sub-tab.
    2. If the auto-renewal functionality is enabled, it automatically obtains new certificates and syncs them to the Snapt One framework’s SSL certificate location overriding any pre-existing certificates for the domains configured. If reversion to the previous Snapt One Lets Encrypt plugin version is desirable and auto-renewal is enabled which might have overwritten some SSL certificates, SSL certificates can be restored by:
      1. Selectively restoring only SSL certificates from the Snapt backup taken prior to initiating the plugin migration. Upload the relevant backup file and select only the Snapt SSL checkbox for SSL certificate restoration.

      1. Where possible, a complete reversion of the Snapt One appliance VM to a previously taken back-up or snapshot. This is advisable when dealing with a list of about 600 domains or more. This method will also be quicker when dealing with domain lists of that size.
  1. Under Setup -> LetsEncrypt 2 -> Config, complete the LetsEncrypt version 2 plugin setup by accepting terms and conditions and entering an email address as required by LetsEncrypt. The email address field should already be populated if this was setup on the previous plugin version.
  2. If auto-renewal was enabled in the previous LetsEncrypt plugin version, it will be automatically enabled on the new plugin version as part of the migration process. In this situation, the domains will be automatically verified and resynced to the Snapt One framework’s SSL certificate location. For a domain list longer than 300 items, please note that auto-renewal will take some time to sync all the domains as they are processed in batches of 299 as per rate-limiting from LetsEncrypt.
    Otherwise, the domains need to be manually resynced and verified. This is done on the certificates page of the LetsEncrypt plugin (Setup -> LetsEncrypt 2 -> Certificates).
  3. Continue to add and manage domains for Snapt One LetsEncrypt version 2 certificate generation as per the Snapt One LetsEncrypt version 2 user guide. The Snapt One LetsEncrypt version 2 plugin is an improvement over the previous version and additionally supports wildcard domain and SAN certificates.
Updated on February 11, 2020


Was this article helpful?

Related Articles