Change self signed SSL to LE SSL

[bartdenhoed]

After I setup a site with a self-signed certificate, I want to change it to a LE certificate without removing my site.

[demyxco]

I believe you can update the sites SSL with

ee site update example.com —ssl=le

[bartdenhoed]

No you can't. It says "Error: Site example.com already contains SSL."

[jknight2014]

I can confirm this is valid. Any --ssl or --le commands with ssl enabled triggers the already contains SSL message. Including random characters. Seems like the check is just looking for the flag rather then checking the flag value. I have tried Disable, LE, Stop, Remove, and sldkjf.

[mbtamuli]

We will not support removing a certificate, that is, upgrading the site from SSL enabled(whether custom SSL or LetsEncrypt) to SSL disabled.

But, this does seem like a bug. Thanks for reporting the issue.

[bartdenhoed]

Just for confirmation, you mean disabling certificates isn't supported but changing self-signed certificate to LE certificate does?

[pojke]

Confirming that it's not working and +1 to urgent fix. It's a pretty standard process to run self-signed SSL for testing new server before changing DNS entries and then once DNS entries are changed verifying LE. Currently, the only way to do that is to remove the site and create a new one.

[bartdenhoed]

That's exactly my problem ...

[kirtangajjar]

Just for confirmation, you mean disabling certificates isn't supported but changing self-signed certificate to LE certificate does?

Yes. Disabling won't be supported, changing self-signed certificate to LE certificate will be supported

[alanristic]

Is there any ETA on when this "switch" will be implemented?

[alanristic]

Is there any ETA on when this "switch" will be implemented?

And backward of course (both ways... self-->le and le-->self)... 🙌

...as I need --ssl=self if I want to use already issued cert I have. In this case I simply swap issued cert with self signed one in /opt/easyengine/services/nginx-proxy/certs? In this case EE shouldn't renew/overwrite cert I believe. (NOTE: I didn't test this, it's theory. So maybe this isn't true. My knowledge of all this SSL stuff is very limited.)

[BarbaraEster]

Me too! I Need change app for ssl with wildcard and not supported this. Just if create a new site with ssl right. is possible change manually? for dont this dele app and create a new site for install ssl right?

[vhtnam]

To disable site SSL, you can download SQLiteBrowser at https://sqlitebrowser.org/dl/. Then edit EasyEngine local db in /opt/easyengine/db/ee.sqlite with SQLiteBrowser. Open table sites, set column site_ssl to 0 then save. Now you can update your site with ssl.

[kamal-berrada]

Hello did you find any solution, I have the exact same problem .. ?

[aegis123]

Did it the way @vhtnam described and worked perfectly

just open sqlite 3 as root

sudo sqlite3

load the ee.sqlite database

.open /opt/easyengine/db/ee.sqlite

then execute following query

UPDATE site SET site_ssl = '' WHERE site_url = 'example.com';

and then run site update

sudo ee update example.com --ssl=le

[josergomezm]

Did it the way @vhtnam described and worked perfectly

just open sqlite 3 as root

sudo sqlite3

load the ee.sqlite database

.open /opt/easyengine/db/ee.sqlite

then execute following query

UPDATE site SET site_ssl = '' WHERE site_url = 'example.com';

and then run site update

sudo ee update example.com --ssl=le

Couple typos here. it should be UPDATE sites SET site_ssl = '' WHERE site_url = 'example.com'; and sudo ee site update example.com --ssl=le

but it didn't work for me.

[josergomezm]

I used a plugin to backup the site (Updraft). Then deleted the site, created it again, and restored the content with the plugin. Not ideal but oh well...