Do I need copy dhparam.pem file when I move certificates to a new server?

kiwenlau · November 30, 2017, 7:07am

I need to move certificates and nginx from server A to server B.

I will copy entire /etc/letsencrypt from A to B. It’s OK.

But, I found that nginx also needs dhparam.pem file on A:

ssl_dhparam /etc/ssl/certs/dhparam.pem;

Do I need to copy dhparam.pem from A to B?

Or Can I just generate new dhparam.pem on B?

Thanks too much if someone can provide some details about WHY.

_az · November 30, 2017, 7:19am

DH params are used during key exchange and are not linked to your certificate in any way - https://weakdh.org/sysadmin.html

Only your private key is tied to your certificate.

So, you can safely generate new DH params on the new server and everything will continue to work as before.

system · December 30, 2017, 7:19am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
[SOLVED] Unverified SSL (Nginx) Server	8	11541	October 24, 2015
Copy wildcard to a second server Help	8	973	December 11, 2022
Migrate certificates from one server to another? Help	4	599	October 29, 2019
Cannot load certificate Help	9	6213	December 9, 2020
How to migrate the cert and the key to another server? Help	3	2040	July 14, 2017