Backup /etc/letsencrypt with rsync from remote to local

Hi, I ran the following command locally with rsync to back up /etc/letsencrypt/ from a VPS to my local machine:

$ mkdir letsencrypt_backup
$ cd letsencrypt_backup
$ rsync -chavP --stats root@redacted_IP_address:/etc/letsencrypt .

I decided to use rsync after reading:

MAKE SURE to always keep backups of /etc/letsencrypt, on external media. Use of rsync is recommended, for backups, as it handles backups incrementally and it’s generally quite robust. Refer to the rsync manpage for info.[1]

I wrote the above rsync command based on information found on the web.

I would like to know whether that rsync command is appropriate to back up /etc/letsencrypt/. Is it?

I imagine that you'd like to know what the certificates are used for: there are two certificates in that folder, one is used for a static website, and another one is used for an instance of Jitsi. Also, I am wondering whether it makes sense to back up the Jitsi one at all. Any feedback is welcome.

P.S. I read in Best Way to Backup letsencrypt folder - #2 by sahsanu that backing up with cp and tar is okay. I went for rsync based on the above quote.

[1] Fedfree – Nginx web server on Debian with LetsEncrypt HTTPS and Certbot

You should use rsync options that preserve symlinks

I don't use rsync myself but a quick look at its docs says certain settings are required for that.

And, as for that Fedfree blog, I suppose in the end it gets you set up but it has some basic misunderstandings of how Certbot works. As one example it does not understand how standalone, webroot, and renew should work. Thus, the entire process is far more awkward than it needs to be.

3 Likes

I wouldn't use that documentation at all. While everybody is entitled to their own opinion, in my opinion stating that you can better get 2 separate certificates for example.com and www.example.com because otherwise they would, as "separate domains", share a single keypair and that "may prove to be a headache later on"... Well... I don't know. I call it simply the manure of an adult male of the species Bos taurus.

That said, the use of --links (or the short form -l) is required to actually make rsync copy the symlinks as actual symlinks instead of ignoring them. This option is enabled with the --archive option (short form is -a), so you're good with that.

3 Likes
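A way to confirm that a copy made with `rsync -a` really kept the symlinks, as an added example that is not part of the original thread. It assumes the copy has Certbot's usual `live/` and `archive/` subdirectories with relative links from `live/` into `archive/`; the function name `check_le_backup` is made up for this example.

```shell
# check_le_backup DIR: DIR is the local copy of /etc/letsencrypt (e.g. ./letsencrypt).
# Returns 0 when the copy looks restorable, non-zero otherwise.
check_le_backup() {
    root=$1
    problems=0
    links=0
    if [ ! -d "$root/live" ] || [ ! -d "$root/archive" ]; then
        echo "missing live/ or archive/ under $root" >&2
        return 2
    fi

    # Each live/<name>/*.pem must still be a symlink (rsync -l, implied by -a)
    # whose relative target resolves to a regular file inside the copy.
    for link in "$root"/live/*/*.pem; do
        [ -L "$link" ] || [ -e "$link" ] || continue   # unmatched glob
        if [ ! -L "$link" ]; then
            echo "not a symlink: $link"; problems=$((problems + 1)); continue
        fi
        links=$((links + 1))
        target=$(readlink "$link")
        case $target in
            /*) echo "absolute target, points outside the copy: $link -> $target"
                problems=$((problems + 1)) ;;
            *)  [ -f "$link" ] || { echo "dangling: $link -> $target"
                                    problems=$((problems + 1)); } ;;
        esac
    done

    # Without -l rsync skips symlinks, which leaves live/ with no .pem links.
    if [ "$links" -eq 0 ]; then
        echo "no symlinks found under $root/live"; problems=$((problems + 1))
    fi

    # Private keys in the copy should not be readable by group or others.
    loose=$(find "$root/archive" -type f -name 'privkey*.pem' \
                 \( -perm -040 -o -perm -004 \) -print)
    if [ -n "$loose" ]; then
        echo "private keys readable by group/others:"; echo "$loose"
        problems=$((problems + 1))
    fi

    echo "$problems problem(s) found in $root"
    [ "$problems" -eq 0 ]
}
```

With the command from the first post, the directory to check is `./letsencrypt` inside `letsencrypt_backup`.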

Thank you for the feedback on Fedfree; I will read more about Certbot then. And thanks for pointing out that symlinks should be preserved - -a equals -rlptgoD, thus includes -l which preserves symlinks.

2 Likes

Thank you for the feedback about Fedfree, and extra info regarding symlinks.

Which webpage/documentation would you follow to set up Certbot for a website?

2 Likes

Depends on your requirements and exact setup, but for simple setups I'd point the user to https://certbot.eff.org/.

3 Likes

I will use it. Thank you, Osiris.

2 Likes
