ACME directory move to another host with SAME OS (debian)

The operating system my web server runs on is (include version):
debian 3.6.59
My hosting provider, if applicable, is:
N/A hosted on VM
I can login to a root shell on my machine (yes or no, or I don't know):
Yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
NO, VM host OS
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):ACME

Original debian host VM failed it was being used as a form of proxy renewal for another host with the certs being copied over the LAN to another server (still working and in use). I have managed to salvage the .acme.sh/ directory with all the account.conf acme.sh,acme.sh.csh,acme.sh.env,acme.sh.log,ca,dnsapi,http.header, notify and the /domain directory that contains the relevant .cer .conf .csr .csr.conf and .key.
Question is can I simply initiate a renewal this after it being copied to another server ? Permissions are correct. I didn't set up the original install so am blind as to the original configs and would rather not have to re-configure everything....

Yes, there is no problem with copying your ~/.acme.sh directory to another server. Assuming the original set up did not involve any external hooks outside of that directory and assuming you copied the web server configuration over verbatim, it should be totally self-contained.

Make sure that you re-add the cronjob on the new server:

acme.sh --install-cronjob

Since acme.sh does not have a --dry-run feature, you can only really see whether your renewals will work by actually renewing them. You can see whether the below command works, which won't renew anything until your certificates are due for renewal, but it should give you an idea if it's reading the files correctly:

acme.sh --cron

Set up a calendar reminder for a few days before your next expiring certificate expires, and check that it renewed properly.

3 Likes

Thankyou AZ ! Well i copied the .acme.sh directory into the correct home folder and then issued wget -O - https://get.acme.sh | sh -s registeredemail@notadomain.com, this downloaded the latest acme version but didnt overwrite the certs or directories - as this certificate is a mix of cloudflare dns api and standalone it needed socat installing which i did and to test i issued a command to renew without having any NAT ports forwarded (causing it to try and renew and fail ) All is well and this is the most simplest option when you may not know the previous email registration or potentially Cloudflare API KEY.
thankyou !

1 Like

Are you sure about that version number?

https://wiki.debian.org/DebianReleases

3 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.