Do I need backups of my certificates?

bernd_b 2015-12-04 00:48:50 UTC #1

I just set up my certificate and it works like a charme but right after my first generated certificate Lets Encrypt told me to backup the /etc/letsencrypt directory.

Do I really need to do this?
In case that the server crashes, isn't it possible to simply create a new certificate?

eva2000 2015-12-04 01:04:59 UTC #2

you can just re-create, but during public beta there's rate limits applied https://community.letsencrypt.org/t/public-beta-rate-limits/4772/3

bernd_b 2015-12-04 01:19:44 UTC #3

Awesome, thank you!
Won't have problems with any rate limits since I just need very few certificates for subdomains.

motoko 2015-12-04 01:20:04 UTC #4

You certainly can just create a new certificate, but it's good practice to keep a backup just to be safe. Your account keys are also saved in that directory, and you may need those if you want to do other certificate related actions like request a revocation.

tlussnig 2015-12-04 09:58:50 UTC #5

Certificates can be downloaded
a) crt.sh in the source of asn.1 view
b) via serial number on LE

eva2000 2015-12-04 15:36:57 UTC #6

nice.. but wouldn't you need the private key too for some web server configs which would be located in same directory as certificates. So I assume loosing certs would be loosing private key too.

motoko 2015-12-04 17:33:32 UTC #7

Yes. If you want to make use of the certificates, you'll need the private key. As the certificate itself is published, you could probably download it elsewhere, but you might as well back that up at the same time.

mikeskril 2015-12-04 19:06:31 UTC #8

You have your server backed up anyway, right?

eva2000 2015-12-04 19:10:32 UTC #9

most folks backup their site data but maybe neglect other system located files as such heh

selecadm 2015-12-05 23:34:15 UTC #10

a) crt.sh in the source of asn.1 view

Just click on "Certificate" and you will get PEM Base64: