Last reviewed by Netlify Support - November 2024
IMPORTANT UPDATE
While many details in this support guide remain valuable information, the best guide for a zero downtime DNS migration can be found here:
However, there is still great information below and our support team will continue to link people to sub-sections of this support guide when they are relevant to someone’s particular situation or question.
The trick with migrating a live site is all in DNS timing.
Specifically, we can't get a new SSL certificate for your site until the Time To Live (TTL) value has expired from your old DNS values. The new DNS values for Netlify must first be in place and correct, and then issuing the certificate is a breeze!
Below are the steps to follow for a successful migration with minimal downtime. There are quite a few steps in this process, not gonna lie. But no worries, you got this. Take a read through all the steps before starting, so you can familiarize yourself with what you will need to complete the process.
Here we go!
- Find the current TTL value for the record(s) pointing to your old provider. Pop open your terminal and run
  dig yoursite.com
  or use Google’s online Dig tool.
  - In the output, you'll see a line like this in the ANSWER SECTION:
    yoursite.com. X IN A a.b.c.d
    in which X is your current TTL in seconds. Here is an example of what it will look like:
  - In the example this number is 2878. That is your current TTL value in seconds.
  - Do this dig command for each hostname you will migrate to us (perhaps yoursite.com and www.yoursite.com?). Write these down in a safe place; we will come back to them in the last step.
- Visit your domain registrar’s website (or your other current DNS host), and find the DNS records section. For each hostname, set a new, low TTL value - I suggest a value of 10 - for all existing DNS records pointing to your old DNS provider. Please do not yet update the IP address or hostname values to use our service! We are just updating the TTL value in this step.
- Coffee break! Wait for your prior TTL value to pass, while your records still point to your old provider.
- Now’s a great time to test things out! How can you do this? Two good ways: 1) use a command like
  curl -vo /dev/null https://yourprodhostname.com --resolve yourprodhostname.com:443:75.2.60.5
  to confirm that your SSL certificate is correct and the expected content is served (should it be an HTTP 301 redirect? Or maybe content with HTTP 200? Or a password dialog with an HTTP 401?) or 2) you can override the DNS lookup for your hostname(s) following a guide like this one to override yourprodhostname.com with the address 75.2.60.5, which is an address that should return your site content, using your own SSL certificate.
- If you have any questions about whether you did this right - or any concerns about the following steps, now is the time to ask the questions, before you proceed!
- Now you can change your DNS records to point to us. Follow the advice in this documentation: Custom domains | Netlify Docs
- Wait for the new, low TTL value to expire (if you’ve set a value of 10, wait 10 seconds).
- Almost done! Time to clear the cache. Visit Google Public DNS and for each hostname you will use, clear the cache for records of type "A", like so:
- Now you can get your SSL certificate! Back at Netlify, go to Settings - Domain management - HTTPS and provision a certificate. Now that you've updated DNS and any old cached values have expired, your certificate can be issued.
- Assuming that worked (you should test in a browser!), then you can move the TTL back upwards in value to the old value you copied down way back at step 1. A super-low TTL is not a general best practice, just useful during migrations like these.
You’re done! Let us know how it went in the comments below!
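
For the "find the current TTL" and "coffee break" steps above, here is an added example (not part of the original Netlify guide) that pulls the TTL of each record out of dig's answer lines and reports the longest one, which is the minimum time to wait after lowering your TTLs. The sample answer text and its 192.0.2.x addresses are constructed, and the function names record_ttls and max_wait are made up for this example.

```shell
#!/bin/sh
# Added example: read dig answer lines, list the TTL per record, and report
# the longest TTL (the minimum wait after lowering TTLs at the old DNS host).

# Constructed sample of dig answer lines for two hostnames, queried twice.
# 192.0.2.10 is a documentation address standing in for a.b.c.d.
SAMPLE_ANSWER='
;; QUESTION SECTION:
;yoursite.com.                  IN      A
;; ANSWER SECTION:
yoursite.com.           2878    IN      A       192.0.2.10
www.yoursite.com.       3600    IN      CNAME   yoursite.com.
yoursite.com.           2870    IN      A       192.0.2.10
'

# record_ttls: dig output on stdin -> one "name type ttl" line per record.
# A recursive resolver reports the time left on its cached copy, so the same
# record can show different TTLs on repeated queries; keep the highest seen.
record_ttls() {
    awk '$3 == "IN" && ($4 == "A" || $4 == "AAAA" || $4 == "CNAME") && $2 ~ /^[0-9]+$/ {
        key = $1 " " $4
        if (!(key in seen) || $2 > seen[key]) seen[key] = $2 + 0
    }
    END { for (k in seen) print k, seen[k] }' | LC_ALL=C sort
}

# max_wait: longest TTL in seconds across all records read from stdin.
# Prints 0 when no answer records were found (for example, a typo in the name).
max_wait() {
    record_ttls | awk 'BEGIN { m = 0 } $3 > m { m = $3 + 0 } END { print m }'
}

# Live use (dig flags that print only the answer lines):
#   dig +noall +answer yoursite.com www.yoursite.com | max_wait
printf '%s\n' "$SAMPLE_ANSWER" | max_wait
```

Run record_ttls first and write its output down, since those are the values to restore in the final step.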