Objective: Moving a website to Google Cloud with a load balancer using Google's managed SSL without downtime.
Current configuration:
A Google Load Balancer with an unmanaged instance group that currently has 1 VM.
The website is using cPanel, through which I have access to update the DNS settings.
The domain has a wildcard PositiveSSL certificate.
The website is also using CloudFront SSL.
Problem: The main issue I have is configuring and provisioning SSL.
Mentally, before making the move, I'm thinking it should be a breeze. No.....!
Situation:
- I set up the load balancer but it can't provision the SSL because the domain is using PositiveSSL on another server.
I read that I need to have an A record pointed to the load balancer in order for it to provision. I also read that for cPanel, if I were to make any changes to the A record, it will affect the mail service. I don't want the mail services to be disrupted.
I tried adding a new A record pointing to the load balancer's IP but it doesn't allow it because the current A record is using an Alias pointing to CloudFront's and I have to detach them first. I don't think this is a good move.
My planned ideal steps are to ensure the load balancer is functioning properly and pointing to the website correctly before I update the DNS.
I'm not sure if this approach makes sense technically: I set up an A record for a random subdomain to point to the load balancer's IP. The provisioning is successful, but it returns an error:
curl: (35) error:14084210:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure
How should I go about doing it? I didn't know switching a server is so difficult.