Certbot certificate copy issue

I want to move my certbot certificate from one server to another. I have currently performed the following steps.
Copied /etc/letsencrypt/archive/{certificate} to destination
Created directory /etc/letsencrypt/live/{certificate} at destination
Created similar symlink as source between /etc/letscrypty/archive/{certificate}

I was unable to fetch details using certbot certificates command. After which i copied /etc/letencrypt/renewal/{certificate}.conf to destination and i was able to fetch the result

But the issue is with the account details which i need to logged into this conf file.
I have brand new installation of certbot at destination and it does not container accounts folder in letsencrypt directory.
How can i get account information without having any certificate at the destination?

If you are going to copy Certbot certificates between servers, the easiest thing to do is just to copy the entire /etc/letsencrypt/ directory using something like tar.

This will ensure the required data and symlinks are preserved.

Doing so will also include the /etc/letsencrypt/accounts/ directory, which contains your ACME account credentials. You can safely use ACME accounts on multiple servers at the same time.

2 Likes

I need to copy single certificate from multiple sources. For example, I have three servers A,B and C. A and B contains 5 certificates each and C is a new server. I want to move 1 certificate from both A and B to C. What steps do i need to take so no information is lost ?

Well, what you have done so far:

  • /etc/letsencrypt/{archive,live}/example.com/
  • /etc/letsencrypt/renewal/example.com.conf

should be enough.

Even if the account ID noted in the .conf file is missing, Certbot will register a new one and replace it, at renewal time.

Yes, I have both archive and live things aligned as well as the renewal conf.
And if this is the case with account, I guess my certificate moving steps are done with. I will update here if there will be any case of renewal failure

If all else fails, you could try moving the entire folder and then delete the certs you don't need.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.