AdrianSimpson
Joined: 2019/03/13
Points: 20

Hi All,

Following on from our possibly compromised machine yesterday, I am trying to just build a new instance, restore a backup and flip the DNS.

However, I cannot get past the SSL cert page, using Let's Encrypt, due to the original install being active on the same address.

So I suppose my question is, what is the process you guys use to build a system in parallel to a live one in preparation to flip over?

Kind Regards
Adrian

volodya
Joined: 2017/01/05
Points: 250

Hello Adrian,

You cannot request a Let's Encrypt certificate if the IP address is assigned to a different server. You can migrate the /etc/nginx/ directory. This will copy all configuration, including the certificate itself and all files required for renewal.

Do you think your system was compromised? From what you described yesterday it looked more like a service denial attack.

AdrianSimpson
Joined: 2019/03/13
Points: 20

We have been reviewing this morning, and I think you may well be right. On a very low level - we are just trying to find out from the access log what the IP is and block it.

Kind Regards
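
The access-log step mentioned in the last post, as an added example that is not part of the original thread or the product's own tooling: it tallies requests per client address and prints nginx `deny` lines for addresses above a threshold. It assumes nginx's default "combined" log format (client address in the first field); the function names, threshold and sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: find the busiest client addresses in an nginx access log
# and emit "deny" lines (ngx_http_access_module) for review.

# top_talkers LOGFILE MIN_REQUESTS
# Prints "count ip" for every client with at least MIN_REQUESTS requests,
# busiest first. Lines whose first field is not address-like are skipped.
top_talkers() {
    awk -v min="$2" '
        $1 ~ /^[0-9a-fA-F:.]+$/ { hits[$1]++ }
        END { for (ip in hits) if (hits[ip] >= min) print hits[ip], ip }
    ' "$1" | sort -k1,1nr -k2,2
}

# deny_rules LOGFILE MIN_REQUESTS
# Formats the tally as lines for an nginx include file. Review before use:
# a busy address can be a proxy, a monitoring probe, or your own office.
deny_rules() {
    top_talkers "$1" "$2" | awk '{ printf "deny %s;  # %d requests\n", $2, $1 }'
}

# Constructed sample log (documentation-range addresses, not real traffic).
sample_log() {
    for i in 1 2 3 4 5 6; do
        printf '%s\n' "203.0.113.7 - - [01/Jan/2024:09:00:0$i +0000] \"POST /login HTTP/1.1\" 401 512 \"-\" \"curl/7.61\""
    done
    printf '%s\n' '198.51.100.20 - - [01/Jan/2024:09:00:03 +0000] "GET / HTTP/1.1" 200 1043 "-" "Mozilla/5.0"'
    printf '%s\n' '198.51.100.20 - - [01/Jan/2024:09:00:04 +0000] "GET /favicon.ico HTTP/1.1" 404 162 "-" "Mozilla/5.0"'
    printf '%s\n' 'garbage line without an address'
}

# Demo run on the constructed sample; point deny_rules at the real
# access log (path depends on the installation) once the output looks right.
demo_log=$(mktemp)
sample_log > "$demo_log"
deny_rules "$demo_log" 5
rm -f "$demo_log"
```

Write the output to a file included from the relevant `server` block, then run `nginx -t` before reloading so a malformed line cannot take the site down.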