I am using let's encrypt ssl key with my domain on ubuntu 18.04, and I have to move my web server to ubuntu 20.04.
How can I move it ssl keys entirely?
If you used Certbot, you can archive the contents of /etc/letsencrypt (using tar, for example) and extract it on your new server.
5 Likes
And intall certbot on new server surely?
Should I use sudo certbot --apache on new server?
Yes, you'd install Certbot on the new server.
Running certbot --apache may not be necessary, it depends.
If you are copying your Apache configuration to the new server and it already uses your Let's Encrypt certificate, it should be sufficient to just copy the contents of /etc/letsencrypt.
4 Likes
Remember that you need to:
- Securely transfer the files, as the private key needs to be kept private;
-
Don't dereference symbolic links. AFAIK
tarkeeps symbolic links intact by default, so that's good, but for exampleziprequires the-yoption or otherwise you'll end up with an archive without symbolic links, which will confuse Certbot and will give an error when renewing.
5 Likes
I used sudo tar -chvzf certs.tar.gz /etc/letsencrypt /etc/newdir
then copied to the new server
scp certs.tar.gz user@192.168.1.12:/home/user
The -h option stands for --dereference, which is what you should NOT do:
-h, --dereference Follow symlinks; archive and dump the files they point to.
This makes that tar won't store symlinks as symlinks, but store the files the symlink is pointing to. Which is the opposite as what my tip above is.
6 Likes
Do you mean simply use by zcvf ?
I'm not sure about the order, but yeah, leave out the h.
5 Likes
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.