Hi Folks - I moved servers - copying the Apache configuration and /etc/letsencrypt to the new server. Everything went well but now when I have to renew I cannot. I get all types of errors.
I think that the easiest way would be to remove the Let’s Encrypt certificates and re-enroll.
Is there a documented process for this?
Thanks!
(Yes, I KNOW that I did a really dumb thing forgetting to copy my backups as well)
Part of the issue is that the symbolic links probably weren’t preserved. That’ll cause some fun.
Assuming you don’t need the existing certificates, just rename /etc/letsencrypt and run certbot as if you’re requesting a certificate for the first time. If everything works properly, you can then delete the renamed directory once you’re sure you won’t need the contents.
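A way to check the symbolic-link point above on a copied tree, as an added example that is not part of the original thread: certbot keeps the real files in `archive/<name>/` and expects `live/<name>/*.pem` to be symlinks to them. The function names, the `example.test` lineage and the dummy file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a copied /etc/letsencrypt tree for broken lineage links.
# Certbot stores real files in archive/<name>/ and expects live/<name>/*.pem
# to be symlinks pointing at them.

# check_le_links DIR: print one line per problem; return 0 if none, 1 otherwise.
check_le_links() {
    root=$1
    problems=0
    for f in "$root"/live/*/*.pem; do
        [ -e "$f" ] || [ -L "$f" ] || continue   # glob matched nothing
        if [ ! -L "$f" ]; then
            # Copied with dereferencing: a regular file where a link should be.
            echo "NOT-A-SYMLINK $f"
            problems=$((problems + 1))
        elif [ ! -e "$f" ]; then
            # Link survived, but its target in archive/ did not.
            echo "DANGLING $f -> $(readlink "$f")"
            problems=$((problems + 1))
        fi
    done
    [ "$problems" -eq 0 ]
}

# make_sample_tree DIR: constructed stand-in for /etc/letsencrypt (dummy contents).
make_sample_tree() {
    mkdir -p "$1/archive/example.test" "$1/live/example.test"
    for kind in cert chain fullchain privkey; do
        echo "dummy $kind" > "$1/archive/example.test/${kind}1.pem"
        ln -s "../../archive/example.test/${kind}1.pem" "$1/live/example.test/$kind.pem"
    done
}

# Audit a real tree when a path is given, e.g.: sh check.sh /etc/letsencrypt
[ $# -eq 0 ] || check_le_links "$1"
```

Copying with `cp -a`, `rsync -a` or `tar` keeps the links intact; a copy that follows links turns them into regular files, which is the state the check reports as `NOT-A-SYMLINK`.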
I have it working again. Here is what I had to do - much of it is similar to getting the “starter” Apache 2 SSL set up
You need to create the self-signed certificates first (e.g. “sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/apache-selfsigned.key -out /etc/ssl/certs/apache-selfsigned.crt”)
Once that is done, you need to create the SSL vhost files (assuming you are using virtual hosts - I am) using the self-signed certificates. You can (I did, at least) use the same self-signed certificate for each vhost. The important thing to note here is that letsencrypt must have apache running ssl already. It will not work if apache is not up and/or there are no ssl sites. (This drove me mad for a couple of hours!)
Once this is done you can back up your /etc/letsencrypt directory (you could probably blow it away but you are probably paranoid now)
Restart apache (e.g., apache2ctl restart - by this time I will terminate with extreme prejudice)
Check to see if your sites are up and running. Your web browser probably will give you an insecure warning. That is okay - we will be putting real certificates in place; you just need to ensure that apache is working with ssl.
Run letsencrypt --apache ya-da, ya-da, ya-da
You might have to restart apache manually after it finishes but that’s okay
Now, don’t forget to:
Back up your letsencrypt directory (I am really paranoid now)
Back up your apache config files (Yes, I am really paranoid now)