Different method to renew certificates that doesn't include access to the .well-known/acme-challenge directory?


#1

Thanks for any help.
I currently have access to an old web server running nginx, for which I created a letsencrypt SSL certificate.

I’m attempting to move to a new server within the same domain that is running apache.

The original certificates were installed using a webroot method.
I was able to move the /usr/local/etc/letsencrypt directory from the old server to the new server preserving permissions.

Through a bunch of trial and error, I was able to renew the certificates; however, the renewal process required access to the webroot/.well-known/acme-challenge directory to complete the process.

Is there another method I can use to renew the certificates that doesn't require write access to this directory?


#2

You can specify a different root for the /.well-known/acme-challenge/ requests.
Then modify the webroot to match.

But from an ACME client view, it will always need to write to the:

You could also change it altogether - like by using DNS authentication.
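
An added example, not part of the thread, of the first suggestion in reply #2 as it would look on the Apache server: challenge requests are served from a dedicated directory, so the ACME client never needs write access to the site's document root. The directory `/usr/local/www/acme`, the hostname `example.com` and certbot as the client are assumptions.

```apache
# Added example (not from the thread). Assumed names: /usr/local/www/acme,
# example.com, certbot as the ACME client.
#
# Place at server level (outside any <VirtualHost>) so every vhost on
# port 80 answers HTTP-01 challenges from the same dedicated directory.
# Requires mod_alias and mod_authz_core (Apache 2.4).

# Map only the challenge path; the rest of the site keeps its own DocumentRoot.
Alias /.well-known/acme-challenge/ "/usr/local/www/acme/.well-known/acme-challenge/"

<Directory "/usr/local/www/acme/.well-known/acme-challenge/">
    # Static token files only: no indexes, no symlink following, no CGI/includes.
    Options None
    # Ignore any .htaccess dropped into the challenge directory.
    AllowOverride None
    # The CA's validation servers must be able to fetch tokens unauthenticated.
    Require all granted
</Directory>

# Filesystem side (run once, as root):
#   mkdir -p /usr/local/www/acme/.well-known/acme-challenge
# The account that runs the ACME client needs write access to
# /usr/local/www/acme only; the Apache user needs read access to it.
#
# Point the client at the new root. Re-running certonly with the new
# path also records it in the certificate's renewal configuration, so
# later "certbot renew" runs use it:
#   certbot certonly --webroot -w /usr/local/www/acme -d example.com
```

If port 80 redirects to HTTPS, the same `Alias` has to apply to the HTTPS virtual host as well, which the server-level placement above takes care of.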