
Restore From Backup

Posted by AdrianSimpson on Thu, 12/19/2019

Hi All,

Following on from our possibly compromised machine yesterday, I am trying to just build a new instance, restore a backup and flip the DNS.

However I cannot get past the SSL cert page, using Let's Encrypt, due to the original install being active on the same address.

So I suppose my question is, what is the process you guys use to build a system in parallel to a live one in preparation to flip over?

Kind Regards
Adrian


Submitted by volodya on Thu, 12/19/2019 Permalink

Hello Adrian,

You cannot request a Let's Encrypt certificate if the IP address is assigned to a different server. You can migrate the /etc/nginx/ directory. This will copy all configuration, including the certificate itself and all files required for renewal.

Do you think your system was compromised? From what you described yesterday it looked more like a service denial attack.

Submitted by AdrianSimpson on Thu, 12/19/2019 Permalink

We have been reviewing this morning, and I think you may well be right. On a very low level - we are just trying to find out from the access log what the IP is and block it.

Kind Regards
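
One way to pull the noisy client out of an access log, as an added example that is not part of the original thread: it assumes nginx's default "combined" log format, and the function names, threshold and sample lines (documentation IP ranges) are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample lines in nginx "combined" format; not real traffic.
sample_log() {
cat <<'EOF'
203.0.113.7 - - [19/Dec/2019:09:14:01 +0000] "GET /login HTTP/1.1" 200 512 "-" "curl/7.58.0"
203.0.113.7 - - [19/Dec/2019:09:14:02 +0000] "GET /login HTTP/1.1" 200 512 "-" "curl/7.58.0"
198.51.100.23 - - [19/Dec/2019:09:14:05 +0000] "GET / HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.7 - - [19/Dec/2019:09:14:09 +0000] "GET /login HTTP/1.1" 200 512 "-" "curl/7.58.0"
203.0.113.7 - - [19/Dec/2019:09:14:15 +0000] "GET /login HTTP/1.1" 200 512 "-" "curl/7.58.0"
192.0.2.10 - - [19/Dec/2019:09:14:20 +0000] "GET /favicon.ico HTTP/1.1" 404 153 "-" "Mozilla/5.0"
203.0.113.7 - - [19/Dec/2019:09:14:31 +0000] "GET /login HTTP/1.1" 200 512 "-" "curl/7.58.0"
198.51.100.23 - - [19/Dec/2019:09:14:40 +0000] "GET /app.css HTTP/1.1" 200 900 "-" "Mozilla/5.0"
203.0.113.7 - - [19/Dec/2019:09:14:55 +0000] "GET /login HTTP/1.1" 200 512 "-" "curl/7.58.0"
203.0.113.7 - - [19/Dec/2019:09:15:03 +0000] "GET /login HTTP/1.1" 200 512 "-" "curl/7.58.0"
203.0.113.7 - - [19/Dec/2019:09:15:04 +0000] "GET /login HTTP/1.1" 200 512 "-" "curl/7.58.0"
EOF
}

# Read access-log lines on stdin. For each client IP, find its busiest
# minute and print "ip peak_requests minute" when that peak is >= $1.
# Output is sorted with the heaviest client first.
heavy_clients() {
    awk -v limit="$1" '
    {
        ip = $1
        # $4 looks like "[19/Dec/2019:09:14:01"; keep day through minute.
        minute = substr($4, 2, 17)
        n = ++hits[ip SUBSEP minute]
        if (n > peak[ip]) { peak[ip] = n; when[ip] = minute }
    }
    END {
        for (ip in peak)
            if (peak[ip] >= limit) print ip, peak[ip], when[ip]
    }' | sort -k2,2nr -k1,1
}

# Stand-alone run on the constructed sample with a threshold of 5 per minute.
sample_log | heavy_clients 5
```

Against a live server, feed the real log to the function instead of the sample, for example `heavy_clients 100 < /path/to/access.log`, with a threshold that sits well above a normal user's request rate.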