Copy an existing certificate, install certbot and use it (no creation)

My domain is: poiscaille.fr

I ran this command: sudo certbot certonly --nginx --cert-name poiscaille.fr -d poiscaille.fr -d www.poiscaille.fr -n --dry-run

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log

How would you like to authenticate with the ACME CA?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Nginx Web Server plugin (nginx)
2: Spin up a temporary webserver (standalone)
3: Place files in webroot directory (webroot)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-3] then [enter] (press 'c' to cancel): 1
Plugins selected: Authenticator nginx, Installer None

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
You are updating certificate poiscaille.fr to include new domain(s):
+ poiscaille.fr
+ www.poiscaille.fr

You are also removing previously included domain(s):
- R3

Did you intend to make this change?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(U)pdate cert/(C)ancel: U
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for poiscaille.fr
http-01 challenge for www.poiscaille.fr
Waiting for verification...
Cleaning up challenges

IMPORTANT NOTES:
 - The dry run was successful.

We're using this tutorial to migrate a certificate from our previous server to our current one. We've moved some files (generated with certbot 0.31.0) but we do not know how to properly start with this existing certificate.

Plus, I don't understand the "new domains poiscaille.fr" and "removing R3" logs of this dry-run.

My web server is (include version): nginx 1.18.0

The operating system my web server runs on is (include version): ubuntu 20.04

My hosting provider, if applicable, is: ovh / digitalocean

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 0.40.0

1 Like

I don't understand either, but my guess is somehow you mixed things up and the file which used to be cert.pem is now chain.pem.

Anyway, am I reading your post correctly and am I not seeing any other question?

1 Like

Sorry if I wasn't clear: how can we migrate an existing certificate from one server to another, install certbot on the new server, and configure certbot to use the existing certificate?

On our side, it does not seem to be working, or it generates a new -0001 certificate.
Thanks for your help!

2 Likes

You could perhaps use rsync (securely through SSH!) to copy the entire /etc/letsencrypt/ directory over from server A to server B. Or use tar to pack that entire directory into a single file and untar it again. When tar is used as root user, it'll enable stuff like -p by default.

If you migrated /etc/letsencrypt/ properly, it should work seamlessly.

2 Likes
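A check that can be run on the new server after copying /etc/letsencrypt/, as an added example that is not part of the original thread. It assumes the standard certbot layout (live/NAME/*.pem are relative symlinks into archive/NAME/, plus renewal/NAME.conf); the function names check_lineage and make_sample are hypothetical, and make_sample only builds a constructed tree for trying it out.

```shell
#!/bin/sh
# check_lineage ROOT NAME
# Returns 0 when the copied lineage still has the layout certbot expects,
# otherwise prints each problem found and returns 1.
check_lineage() {
    root=$1 name=$2 bad=0
    live="$root/live/$name"
    [ -f "$root/renewal/$name.conf" ] || { echo "missing renewal/$name.conf"; bad=1; }
    for f in cert chain fullchain privkey; do
        link="$live/$f.pem"
        # A copy that followed links leaves regular files here instead of symlinks.
        if [ ! -L "$link" ]; then
            echo "$f.pem: not a symlink (copied without preserving links?)"
            bad=1; continue
        fi
        target=$(readlink "$link")
        # cert.pem must point at certN.pem, chain.pem at chainN.pem, and so on.
        case "$target" in
            ../../archive/"$name"/"$f"[0-9]*.pem) ;;
            *) echo "$f.pem: unexpected target $target"; bad=1; continue ;;
        esac
        # -s follows the link: the archive file must exist and be non-empty.
        [ -s "$link" ] || { echo "$f.pem: target missing or empty"; bad=1; }
    done
    return $bad
}

# make_sample ROOT NAME
# Builds a constructed, certbot-like tree with placeholder file contents.
make_sample() {
    root=$1 name=$2
    mkdir -p "$root/archive/$name" "$root/live/$name" "$root/renewal"
    : > "$root/renewal/$name.conf"
    for f in cert chain fullchain privkey; do
        echo "constructed placeholder" > "$root/archive/$name/${f}1.pem"
        ln -s "../../archive/$name/${f}1.pem" "$root/live/$name/$f.pem"
    done
}
```

On a real server the call would be `check_lineage /etc/letsencrypt poiscaille.fr`, run as root.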
