Copy /etc/letsencrypt or regenerate to move?

Hello @gilgongo,

Basically you should copy archive, live, renewal and maybe renewal-hooks directories from your old server and merge them in new server. Keep in mind files in live dir are symlinks.

Once done you should modify the account parameter in the old renewal conf files to use the account being used in your new server.

Example:

0.- Backup /etc/letsencrypt/ dir in both servers... just in case, you know :wink:

In old server:
tar pzcvf /root/backup_etc_letsencrypt_old_server.tar.gz /etc/letsencrypt/

In new server:
tar pzcvf /root/backup_etc_letsencrypt_new_server.tar.gz /etc/letsencrypt/

1.- Take note of the account used to issue the certificates in old and new server.

Method 1
grep account /etc/letsencrypt/renewal/*

Method 2
ls /etc/letsencrypt/accounts/acme-v02.api.letsencrypt.org/directory/

I'm assuming you are using just 1 productive account.

So, let's say the account in old server is abcdef0123456789abcdef0123456789 and the account in new server is 0123456789abcdef0123456789abcdef

2.- In old server tar the directories that you will move:
tar pzcvf /root/moving_le_old_server.tar.gz /etc/letsencrypt/{archive,live,renewal}

If you are using some hooks for renewals tar also renewal-hooks dir:
tar pzcvf /root/moving_le_old_server.tar.gz /etc/letsencrypt/{archive,live,renewal,renewal-hooks}

3.- Send the file /root/moving_le_old_server.tar.gz to the new server.

4.- In the new server untar the file.
tar pzxvf /root/moving_le_old_server.tar.gz -C /

5.- Change the account in the renewal conf files copied from old server.
sed -i 's/abcdef0123456789abcdef0123456789/0123456789abcdef0123456789abcdef/' /etc/letsencrypt/renewal/*

And that should be all.

Use `certbot certificates` to see that all looks good and `certbot renew --dry-run` to check that the renew process won't have issues in the future.

Note 1: I assume you are using the same certbot versions on both servers or at least pretty close versions.

Note 2: As @JuergenAuer advised, double check all your certs won't expire in a few days and renew them if needed before the move (don't force the renewal or you could hit some rate limits).

Hope this helps.

Cheers,
sahsanu

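A post-move sanity check for the procedure in the post above, as an added example that is not part of the original post or of certbot. The function name `check_le_tree`, its output labels, and the owner-only expectation for private keys are assumptions of this example. The directory layout is the one the post describes.

```shell
#!/bin/sh
# Added example (not from the original post): sanity-check a copied
# /etc/letsencrypt tree before running `certbot renew --dry-run`.
# Prints one line per problem; returns 0 if clean, 1 otherwise.
check_le_tree() {
    le_root=${1:-/etc/letsencrypt}
    le_bad=0

    # live/<name>/*.pem must be symlinks that resolve into the copied archive/.
    for le_pem in "$le_root"/live/*/*.pem; do
        [ -L "$le_pem" ] || [ -e "$le_pem" ] || continue   # glob matched nothing
        if [ ! -L "$le_pem" ]; then
            echo "NOT-SYMLINK $le_pem"; le_bad=1
        elif [ ! -e "$le_pem" ]; then
            echo "DANGLING $le_pem"; le_bad=1
        fi
    done

    # Each renewal conf must name an account that exists on this server
    # (step 5 of the post rewrites the old id to the new one).
    for le_conf in "$le_root"/renewal/*.conf; do
        [ -f "$le_conf" ] || continue
        le_acct=$(sed -n 's/^account[[:space:]]*=[[:space:]]*//p' "$le_conf" | head -n 1)
        if [ -z "$le_acct" ]; then
            echo "NO-ACCOUNT $le_conf"; le_bad=1
        elif ! ls -d "$le_root"/accounts/*/directory/"$le_acct" >/dev/null 2>&1; then
            echo "UNKNOWN-ACCOUNT $le_acct $le_conf"; le_bad=1
        fi
    done

    # Assumption of this example: private keys should stay owner-only
    # after the tar round trip.
    if [ -d "$le_root/archive" ]; then
        le_loose=$(find "$le_root/archive" -name 'privkey*.pem' \
            \( -perm -040 -o -perm -004 \) -print)
        if [ -n "$le_loose" ]; then
            echo "$le_loose" | sed 's/^/LOOSE-PERMS /'; le_bad=1
        fi
    fi
    return "$le_bad"
}
```

Run it as `check_le_tree /etc/letsencrypt` on the new server after step 5; a `NOT-SYMLINK` line usually means the files were copied with a tool that dereferenced the links in live.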