I have an Ubuntu 16.04 server running OwnCloud from my house with letsencrypt.
I would like to rename that server to home.example.com, and move the main certificates to a new server at digitalOcean.
It’s Apache.
So will that delete the old certificates from my home server? I can’t seem to wrap my mind around the mechanism that prevents certificate stealing. How would letsencrypt know the new DO server was allowed to call itself example.com??
It depends on your challenge type. The HTTP-01 challenge requires you to place a specific file with specific contents at .well-known/acme-challenge/ on your web server. The DNS-01 challenge requires you to create a DNS TXT record at _acme-challenge with specific contents.