Do I need backups of my certificates?


#1

I just set up my certificate and it works like a charme but right after my first generated certificate Lets Encrypt told me to backup the /etc/letsencrypt directory.

Do I really need to do this?
In case that the server crashes, isn’t it possible to simply create a new certificate?


#2

you can just re-create, but during public beta there’s rate limits applied Public beta rate limits


#3

Awesome, thank you!
Won’t have problems with any rate limits since I just need very few certificates for subdomains.


#4

You certainly can just create a new certificate, but it’s good practice to keep a backup just to be safe. Your account keys are also saved in that directory, and you may need those if you want to do other certificate related actions like request a revocation.


#5

Certificates can be downloaded
a) crt.sh in the source of asn.1 view
b) via serial number on LE


#6

nice… but wouldn’t you need the private key too for some web server configs which would be located in same directory as certificates. So I assume loosing certs would be loosing private key too.


#7

Yes. If you want to make use of the certificates, you’ll need the private key. As the certificate itself is published, you could probably download it elsewhere, but you might as well back that up at the same time.


#8

You have your server backed up anyway, right? :wink:


#9

most folks backup their site data but maybe neglect other system located files as such heh


#10

a) crt.sh in the source of asn.1 view

Just click on “Certificate” and you will get PEM Base64: