Secure Hosting - (Rehosting a secure site to DH)


#1

I am rehosting my secure site to “fully hosted” Dreamhost (DH) from Surpasshosting (SPH).
I have 10 months left on the Godaddy ssl cert, so will rehost the Godaddy cert also, who is also the registrar.
I want to minimize rehosting down time.
I have pre-created the domain on DH, but nameservers are still pointing to SPH.

QUESTIONS - before I do anything to the cert:

  1. I need to “Add Secure Hosting” in DH. WILL THIS WORK IF nameservers are still pointing to SPH, or do I have to cut over the nameservers first?

  2. My understanding is I need to generate a NEW CSR from DH, and use this to RE-KEY the Godaddy cert, then download the crt/bundle zip file to install/submit to/on DH (not sure of that procedure yet - SPH support installed these for me). Is this install of the cert/bundle done during the “Add Secure Hosting” steps? OR can I do this later?

    a - will gen’ing a new CSR on DH affect anything by just creating it since namesrvs are not pointing to DH yet? But is there a behind the scene update at the Cert Authority? (I’m thinking not but don’t know if they maintain a master DB who’s who that’s live against certs).

    b - Not knowing the procedure (the panel does not pre-explain steps “adding Secure Hosting” will entail), what are the steps? I’m sure it’s somewhere in the WIKI, but ever hear of the phrase “too much information”?

– notes –

As a NEW USER at Dreamhost, I my wish list on this critical process would be a wizard approach that had pre-instructions:
A. asking if this is a NEW site or RE-HOSTING a site?
B. if RE-HOSTING asking “if” NameServer has been cut over to DH yet (so this again would be a Y/N question if is required (I don’t know if it’s required).
C. asking if you have you own cert or are buying from DH?

Thanks for any help by anyone!


#2

FROM SUPPORT FOR OTHERS TO LEARN FROM:

It will work because the name servers set for the domain do not control whether you can actually add things or not in the Dreamhost system. Will what you do here be visible to the public internet? No, it will not, until the name server change.

You can add secure hosting first. You need to be sure to use a “self-signed” certificate (do NOT order a professional one from the
Dreamhost panel). That turns on https for you. You later come back with the certificate from GoDaddy and install it, replacing the self-signed certificate with it and its bundle of intermediate certificate in the forms for them on the panel.

No. As noted above, nothing you do in the system here affects what visitors see on the internet until you change the name servers for the domain.

I’m sorry about that. The possible steps are on the wiki, actually: http://wiki.dreamhost.com/Secure_Hosting

The choice of self-signed vs ordering from Dreamhost or using another provider’s certificate is provided on the panel when secure hosting is being added as well as later, when secure hosting is already active, but I can see that it might be confusing when seen initially (item C). Re-hosting is nothing more than moving a domain from another host to us; the distinction of whether it was hosted here previously doesn’t matter unless there’s still hosting setup for it here on a different hosting account), which is items A and B, so if you add hosting for a domain, a reminder about the name server change is briefly shown, but, again, that doesn’t mean it can’t be missed. Hopefully, I’ve clarified a bit. If not, let me know what’s still fuzzy.

Thanks! Ryan C