Confused about backing up keys and account credentials

Hello @letsyoyo,

Keep in mind that those 4 pem files inside the live/example.com dir are not regular files but symbolic links pointing to the real pem files located in archive/example.com.

Example listing live/example.com dir:

$ sudo ls -l /etc/letsencrypt/live/example.com/
total 0
lrwxrwxrwx 1 root root 35 Mar 14 01:47 cert.pem -> ../../archive/example.com/cert1.pem
lrwxrwxrwx 1 root root 36 Mar 14 01:47 chain.pem -> ../../archive/example.com/chain1.pem
lrwxrwxrwx 1 root root 40 Mar 14 01:47 fullchain.pem -> ../../archive/example.com/fullchain1.pem
lrwxrwxrwx 1 root root 38 Mar 14 01:47 privkey.pem -> ../../archive/example.com/privkey1.pem

Your user has no rights to access /etc/letsencrypt/live/example.com/ (that is the reason you are using sudo, right?)... Well, keep in mind that the shell tries to expand *.pem before executing sudo. That means the shell tries to get the file names matching the pattern *.pem before it has the rights to read the contents of that dir. As the shell can't expand the pattern *.pem, it is passed literally to sudo, and when cp is executed by sudo it cannot find a file named *.pem; that is the reason for the cannot stat error.

So, if you want to copy the contents of live/example.com, copy the entire dir and use the -L switch to copy the real files instead of the symbolic links:

sudo cp -rL /etc/letsencrypt/live/example.com/ ~myuser

If you still want to use the *.pem pattern you should execute it inside a shell launched by sudo:

sudo sh -c 'cp -L /etc/letsencrypt/live/example.com/*.pem ~myuser'

Maybe a better approach is to just copy the archive dir, which is where your real pem files are located:

sudo cp -r /etc/letsencrypt/archive/example.com/ ~myuser

But the best approach is to back up the entire /etc/letsencrypt dir. There you have not only the certs, the keys used for those certs, etc., but also the renewal info, your account details used to revoke certs, etc., so yes, please, back up all.

sudo cp -r /etc/letsencrypt/ ~myuser

Edit: If you copy the files, the owner of those files will be root; if you want to view the contents using your user, you should chown the copied dir.

sudo chown -R myuser:myuser ~myuser/letsencrypt/

Cheers,
sahsanu

4 Likes
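
Added example (not part of sahsanu's post): the full-directory backup recommended above, done as a tar archive so the live/ symlinks and file modes survive, followed by a restore check. The function names and the dummy sample tree are constructed for illustration; a tar that supports -p (GNU tar, bsdtar) is assumed.

```shell
#!/bin/sh
# Added example. backup_le, verify_le and make_sample are hypothetical helper names.
# Typical use as root (output path is only an example):
#   backup_le /etc/letsencrypt /root/letsencrypt-backup.tar && verify_le /root/letsencrypt-backup.tar

# backup_le SRC OUT: archive SRC (e.g. /etc/letsencrypt) to the absolute path
# OUT, keeping symlinks and modes. umask 077 makes the tarball itself 0600,
# since it contains private keys and the ACME account key.
backup_le() {
    src=$1 out=$2
    ( umask 077 && tar -C "$(dirname "$src")" -cpf "$out" "$(basename "$src")" )
}

# verify_le TARBALL: restore into a scratch dir, then check that every
# live/<name>/*.pem symlink resolves to a regular file and that no
# privkey*.pem is readable by group or other.
verify_le() {
    tmp=$(mktemp -d) || return 1
    tar -C "$tmp" -xpf "$1" || { rm -rf "$tmp"; return 1; }
    rc=0
    for link in "$tmp"/*/live/*/*.pem; do
        [ -L "$link" ] && [ -f "$link" ] || { echo "broken link: $link" >&2; rc=1; }
    done
    loose=$(find "$tmp" -type f -name 'privkey*.pem' \( -perm -040 -o -perm -004 \))
    [ -z "$loose" ] || { echo "key readable by group/other: $loose" >&2; rc=1; }
    rm -rf "$tmp"
    return "$rc"
}

# make_sample DIR: constructed stand-in for /etc/letsencrypt (dummy data, no
# real keys) so the two functions can be tried without root.
make_sample() {
    root=$1/letsencrypt
    mkdir -p "$root/archive/example.com" "$root/live/example.com"
    for n in cert chain fullchain privkey; do
        echo "dummy $n" > "$root/archive/example.com/${n}1.pem"
        ln -s "../../archive/example.com/${n}1.pem" "$root/live/example.com/$n.pem"
    done
    chmod 600 "$root/archive/example.com/privkey1.pem"
}
```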