1 Topic by ms2504

  • ms2504
  • Member
  • Offline
  • Registered: 2019-06-15
  • Posts: 63

Topic: Best practice to move a server.

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release):   1.2.1 - MariaDB
- Deployed with iRedMail Easy or the downloadable installer?  downloadable
- Linux/BSD distribution name and version:  CentOS 7
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):   MySQL
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro?  NO
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.

- SSL:  Letsencrypt certificate.
====

I need to move a mailserver to a new location because of the line: it's often down.

I'm going to follow these steps:
- revoke Letsencrypt certificate
- shutdown the pc and move it to new location
- change DNS record to point to new static IP
- start the server in new location and change ip/gateway accordingly
- issue a new Letsencrypt SSL certificate
- go run..

Do you think I'm missing some steps?
With the new SSL certificate, do you think clients (Microsoft Outlook, iPhones, etc..) will need to be reconfigured?
Thaks.

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by MuPp3t33r

  • MuPp3t33r
  • Member
  • Offline
  • Registered: 2017-01-17
  • Posts: 149

Re: Best practice to move a server.

are you planning on doing a fresh installation of iredmail on the new server or are you migrating/cloning the whole existing server as-is? It is generally recommend to do a fresh installation in the new environment and migrate configs/data/databases, that way you don't have to worry about potential issues with cloning and/or hardware differences

either way, revoking the LE certificate is not a requirement, since they expire in 90 days anyway, but you can do it if you feel like it.

Assuming downtime needs to be as short as possible, then it's probably best to get the new server up and running before you shut down the old one, that way as soon as the DNS is switched you will have a seamless transition to new server.
As long as the configuration and data is synchronized between the servers then the transition should be fairly seamless for the users, they might get a prompt to accept the new certificate, but otherwise I don't expect any issues.

Typically I would have my main server with A record mail01.domain.tld with a cname for mail.domain.tld - then have my second server as mail02.domain.tld, once new server is ready just change the cname record to point to new server and then re-sync any mails in /var/vmail/vmail1 that have changed since I last synced

Tip: make sure your TTL on DNS entries is set to something short like 5 mins, before you go about changing the record's value (IP address). If your TTL is currently high then you might have to wait some time before the changes go live.
You might be interested in trying CloudFlare to manage your DNS, they are very fast with their updates, easy to use and full of nice features, even on free package smile

https://docs.iredmail.org/migrate.to.ne … erver.html

3 Reply by ms2504

  • ms2504
  • Member
  • Offline
  • Registered: 2019-06-15
  • Posts: 63

Re: Best practice to move a server.

Thank you for your reply!

There is a main server (let's say mail.mydomain.tls) working and it stays where it is (so mail service is not discontinued).

The server I want to move (let's say mail2.mydomain.tld) is a backup server installed just a couple of months ago. The place where it is, does not have a stable/reliable internet connection, so I whant to move it elsewhere.

I don't want to create another new mail server, just move the existing one, so it will change the public IP address.

The matter is about Letsencrypt certificate:  is it linked to public IP, so changing it I have to revoke the old one and recreate a new one with the new public IP ?

Or I can move the server, change DNS record accordingly, and the LE certificate should work?
In this case, mail clients should not complain about LE certificate changed.. I guess.

4 Reply by MuPp3t33r

  • MuPp3t33r
  • Member
  • Offline
  • Registered: 2017-01-17
  • Posts: 149

Re: Best practice to move a server.

Ah, in this case I don't think you should have any issues, letsencrypt certs are issued to domain name, not IP address