Welcome to Headwind MDM Q&A, where you can ask questions and receive answers from other members of the community.

0 votes
I need to change the domain name of the service.

I have created a new DNS record for the server, but the new domain reports the certificate error. How should I proceed?
by (11.9k points)

1 Answer

0 votes

The following steps must be done to change the domain name (when you're using HTTPS via LetsEncrypt):

1. Create a new DNS record (do not remove a DNS record for a legacy domain!) and make sure it resolves to your server's IP address.

2. Edit the script letsencrypt-ssl.sh and change the DOMAIN to the new one. Run the script to get a certificate for a new domain.

3. Add a new domain and its certificate to /var/lib/tomcat9/conf/server.xml (and keep the legacy domain certificate). Create a file backup before updating!

OLD:

    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"

               maxThreads="150" SSLEnabled="true">

        <SSLHostConfig>

            <Certificate certificateKeystoreFile="/var/lib/tomcat9/ssl/legacy.domain.jks"

                     type="RSA" certificateKeystorePassword="123456" />

        </SSLHostConfig>

    </Connector>

NEW:

    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"

               maxThreads="150" SSLEnabled="true" defaultSSLHostConfigName="new.domain">

        <SSLHostConfig hostName="new.domain">

                <Certificate certificateKeystoreFile="/var/lib/tomcat9/ssl/new.domain.jks"

                         type="RSA" certificateKeystorePassword="123456" />

        </SSLHostConfig>

        <SSLHostConfig hostName="legacy.domain">

                <Certificate certificateKeystoreFile="/var/lib/tomcat9/ssl/legacy.domain.jks"

                         type="RSA" certificateKeystorePassword="123456" />

        </SSLHostConfig>

    </Connector>

4. Restart Tomcat to apply changes, and make sure both domains are working. If they aren't, rollback the configuration file and check the Tomcat logs to diagnose the issue.

service tomcat9 restart

5. If your domain is behind the NAT and you have previously adjusted /etc/hosts file, add the new domain to /etc/hosts.

5. Update the domain name in the XML configuration file /var/lib/tomcat9/conf/Catalina/localhost/ROOT.xml, attributes base.url and mqtt.server.uri. Restart Tomcat to apply the changes.

6. Make sure MQTT socket has been bound successfully, by running a command on an external server:

telnet new.domain 31000

7. Sign in to Headwind MDM web panel (using a new domain), and open the "Applications" tab. You will see that application URLs are containing the legacy domain. For each application in the list, click the "Versions" icon, then "Edit", and replace the domain in the URL.

8. For each configuration, click "Edit" and open the "MDM settings" tab. In the "New server URL" field, type the URL of the new server.

Save the configuration to apply changes. This will tell the devices to change the server URL.

9. The migration to a new domain name is completed. In a few days (when you will be sure that all devices are migrated), you can remove the legacy DNS record. 

by (11.9k points)
edited by
...