Hello. I’m new to LetsEncrypt. I installed certificates 2 months ago, for a domain and a few subdomains. They are all on one server, but I want to move one subdomain to a separate VPS.
So I guess the simplest way to make it work would be to renew the certificates on the primary VPS, move the subdomain to another VPS and copy the generated certificates there. And when the time comes to renew them again, I would have to copy them again to the secondary server. Am I right?
This got me thinking, couldn’t I just install certbot on my computer, generate certificates from there and upload them every 2 months to my servers? If that’s possible, how could I do that?
To issue certificates, Let’s Encrypt needs proof you control each name in the certificate. Machines which serve up a website with that exact name can easily prove this. So the new VPS should be able to run certbot or another client to get certificates for the site it serves, no problem.
You can also prove control to Let’s Encrypt via DNS changes. If you’re comfortable doing this from some other computer you can issue the certificates there. But if that’s not something you’ve done before it’s probably not the easiest option.
You could use the GetSSL client - it's specifically designed for running on one computer, and validating via DNS or another server, and uploading the certs to those servers automatically.
On the other hand, unless you want all the different subdomains on the same cert, I'd have thought it was as easy in this case just to install certbot on each VPS and create the certs for the server on the server (assuming they are standard, modern VPS).
By default GetSSL would copy and use your current cert, until it was due for renewal - although you could just create new certs if you wanted to.
Certbot doesn't currently support the DNS challenge, although it is planned soon. There are a number of alternate clients that support the DNS challenge (certainly all the Bash and Go ones).
You need to either restart or reload Apache (I prefer reload, as it doesn't affect existing connections).
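
An added example, not from any poster in this thread: a shell sketch of the copy-after-renewal workflow discussed above, which refuses to deploy a certificate that does not match its private key and lets the secondary server detect when the copy step has silently stopped. The certbot `live` directory layout and `openssl` calls are real; the host name, destination directory, `apache2` service name and the 20-day threshold are assumptions.

```shell
#!/bin/sh
# Added example. Host, destination path and service name are assumptions.

# True (0) if the leaf certificate in $1 carries the public key of private key $2.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# True (0) if certificate $1 expires within $2 days.
# An unreadable or missing file also counts as "needs renewal".
needs_renewal() {
    ! openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Copy fullchain.pem and privkey.pem from certbot live dir $1 to $2:$3,
# then reload Apache there so existing connections are not dropped.
deploy_cert() {
    live=$1; host=$2; dest=$3
    if ! cert_matches_key "$live/fullchain.pem" "$live/privkey.pem"; then
        echo "certificate and key do not match; not deploying" >&2
        return 1
    fi
    # umask 077 keeps the destination directory private before the key lands in it.
    ssh "$host" "umask 077 && mkdir -p '$dest'" &&
    scp -p "$live/fullchain.pem" "$live/privkey.pem" "$host:$dest/" &&
    ssh "$host" "chmod 600 '$dest/privkey.pem' && systemctl reload apache2"
}

# Usage (constructed names):
#   primary, after renewal:  ./certsync.sh deploy /etc/letsencrypt/live/sub.example.com root@vps2 /etc/ssl/sub
#   secondary, from cron:    ./certsync.sh check /etc/ssl/sub/fullchain.pem 20
case "${1:-}" in
    deploy) deploy_cert "$2" "$3" "$4" ;;
    check)
        if needs_renewal "$2" "${3:-20}"; then
            echo "deployed certificate $2 is stale or unreadable" >&2
            exit 1
        fi ;;
esac
```

The `check` mode matters because the private key now lives on two machines and the secondary never talks to Let's Encrypt itself, so a broken copy job only shows up when the old certificate expires.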