Iam running couple of sites with letsencrypt. Now I want to move the sites to a new machine. I will assign the ip of old machine to new machine after migration.
To test if letsencrypt will work properly with new machine, I copied the /etc/letsencrypt (preserving symlinks) from old machine to new machine and all nginx set-up between old and new machine is similar. However I have not yet changed the dns entry of the websites, so dns entry is still pointing to old machine.
Now my question is I ran certbot renew --dry-run on new machine (its ip is still not in dns records) and it passed. How can it pass if ip of new machine is not in dns records? Iam using webroot authentication for one of the sites and nginx for another.
If yes: The valide authorization (one per domain name) is 30 days cached. So if you use the same account (per copy), you can use this without a new validation.
Thanks for reply Juergen. I did certbot renew --dry-run on old server. So you mean when I copied /etc/letsencrypt from old server to new one, the cached copy of certs also got copied and so certbot renew --dry-run works on new server?
Also is the procedure that Iam using to move certs from old server to new server i.e. copying /etc/letsencrypt (preserving links) correct?
After I assign public ip to new server, I intend to run certbot renew --force-renewal once to see if certbot is working properly. Or is there another way to confirm if certbot is working properly?
I intend to migrate in couple of days and my certs have more than 50 days validity. However on migration I want to ensure certbot works properly. So I was thinking of running certbot renew --force-renewal to verify certbot works properly.