Can I use existing certificates on another server?

The domain and its subdomains are: www.somedomain.co, somedomain.co, dashboard.somedomain.co and so on.
The question is whether I can use existing certificates on another, new server and, if yes, how best to do it.
Revoke the old cert on the old server and generate a new one on the new server, or copy the existing one from the old server to the new server?

Yes, you can. Don't forget to transfer the private key in a safe manner.

Note that if you’re using Certbot and migrating to a new server (e.g. decommissioning the original one) you will want to copy the entire /etc/letsencrypt directory in a manner that preserves symlinks. Certbot relies on these heavily and your renewals will break if you mess them up.

That being said, if you are indeed migrating, it’s almost easier just to re-issue on the new server. You don’t need to revoke - that’s not the purpose of revocation. That’s for if your private keys are exposed.

If not migrating, you can also just copy them across and use the same certificates on two servers. Just be sure to reload the server software to pull in the new certificate every time you copy over a renewed version.
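
An added example, not part of the thread and not Certbot's own tooling: a check to run on the new server after copying /etc/letsencrypt, confirming that the symlinks mentioned above survived the copy and that the private key did not arrive with a looser mode. It assumes Certbot's live/, archive/ and renewal/ layout; the function name is made up for this example.

```shell
#!/bin/sh
# Added example (not Certbot's own tooling): check a copied Certbot tree.
# Assumes the live/, archive/ and renewal/ layout under the config directory.

# Prints one line per problem; returns 0 if the tree looks intact, 1 otherwise.
check_le_tree() {
    root=${1:-/etc/letsencrypt}
    problems=0
    [ -d "$root/live" ] || { echo "missing: $root/live"; return 1; }
    for lineage in "$root"/live/*/; do
        [ -d "$lineage" ] || continue
        name=$(basename "$lineage")
        for f in cert.pem chain.pem fullchain.pem privkey.pem; do
            link=$lineage$f
            if [ ! -L "$link" ]; then
                # A regular file here means the copy dereferenced the symlink.
                echo "not a symlink: $link"; problems=$((problems + 1))
            elif [ ! -e "$link" ]; then
                echo "dangling symlink: $link"; problems=$((problems + 1))
            fi
        done
        # Without its renewal config, "certbot renew" has nothing to act on.
        if [ ! -f "$root/renewal/$name.conf" ]; then
            echo "no renewal config: $name"; problems=$((problems + 1))
        fi
        # Flag a key file whose own mode lets group or others read it.
        key=${lineage}privkey.pem
        if [ -e "$key" ] && [ -n "$(find -L "$key" \( -perm -040 -o -perm -004 \))" ]; then
            echo "key readable beyond owner: $key"; problems=$((problems + 1))
        fi
    done
    [ "$problems" -eq 0 ]
}

# Run against a directory when one is given on the command line.
[ "$#" -eq 0 ] || check_le_tree "$1"
```

A clean result only covers the file layout; `certbot renew --dry-run` on the new server exercises the renewal path itself.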

Thanks Jared.m and Osiris. I have copied the entire letsencrypt folder to the new server and all seems to work fine.
But I have a question. What should I do when my cert expires (in 2 months)? Can I renew the cert using the Certbot command on the new server, or should I do it on the old server and then just copy the folder again to the new server?

You should do it on the new server - at least to verify that the copied directory structure actually works with your newly installed certbot. If you have not yet migrated all domains to the new server, you would then have to sync your /etc/letsencrypt to the old server.

Well, you should probably do that. Really you need to renew from whichever server is able to respond to the challenges correctly. If the old server is still handling requests, you’ll need to do it there until the new server is. (Unless you use DNS challenges, then either server will work.)
