Best way to migrate and create letsencrypt certs on new server


My domain is:,,,,
I ran this command:
certbot renew --dry-run

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Processing /etc/letsencrypt/renewal/

Traceback (most recent call last):
File “/usr/lib/python3/dist-packages/certbot/”, line 64, in _reconstitute
renewal_candidate = storage.RenewableCert(full_path, config)
File “/usr/lib/python3/dist-packages/certbot/”, line 439, in init
File “/usr/lib/python3/dist-packages/certbot/”, line 498, in _check_symlinks
“expected {0} to be a symlink”.format(link))
certbot.errors.CertStorageError: expected /etc/letsencrypt/live/ to be a symlink
Renewal configuration file /etc/letsencrypt/renewal/ is broken. Skipping.

Processing /etc/letsencrypt/renewal/

Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator nginx, Installer nginx
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for
Waiting for verification…
Cleaning up challenges

new certificate deployed with reload of nginx server; fullchain is

** DRY RUN: simulating ‘certbot renew’ close to cert expiry
** (The test certificates below have not been saved.)

Congratulations, all renewals succeeded. The following certs have been renewed:
/etc/letsencrypt/live/ (success)

Additionally, the following renewal configuration files were invalid:
/etc/letsencrypt/renewal/ (parsefail)
** DRY RUN: simulating ‘certbot renew’ close to cert expiry
** (The test certificates above have not been saved.)

0 renew failure(s), 1 parse failure(s)

My web server is (include version):
Nginx 1.14(EasyEngine)

The operating system my web server runs on is (include version):
Ubuntu 18.04

My hosting provider, if applicable, is:
Digital Ocean

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

So I am trying to migrate letsencrypt from a current production server running on a LEMP stack with Ubuntu 16.04 to a new VPS running Ubuntu 18.04 and PHP 7.2, it currently is running on there and is live with a developer tweaking the wordpress for the multimedia team. However after migrating the certificate it gives me this error, how can I resolve it so I can finish the Wordpress migration of the main site.
Also how can I go about adding the additional domain(s) TLS to the server, as we have acquired two more entities and they want to move over to our VPS, one of which currently has a TLS of their own their managed provider and the other doesn’t have one.
Because I want them to be able to be auto-updating their certificates like the main site does and media does as well as the upcoming memes site.


Honestly, it’s probably easier to start from scratch on the new server. There’s no real need to migrate them - it’s not like you’re paying or anything.

The reason this failed is that however you migrated the /etc/letsencrypt directory did not preserve symlinks. The structure of this directory is really important, and Certbot is very specific about it.


how can I copy it whilst preserving symlinks


Likely with rsync -a, but I’ll echo the opinion that it’s almost always much easier to simply start over with a new certificate on the new machine.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.