How can I move ssl key files to new server?

I am using let's encrypt ssl key with my domain on ubuntu 18.04, and I have to move my web server to ubuntu 20.04.
How can I move it ssl keys entirely?

If you used Certbot, you can archive the contents of /etc/letsencrypt (using tar, for example) and extract it on your new server.


And intall certbot on new server surely?
Should I use sudo certbot --apache on new server?

Yes, you'd install Certbot on the new server.

Running certbot --apache may not be necessary, it depends.

If you are copying your Apache configuration to the new server and it already uses your Let's Encrypt certificate, it should be sufficient to just copy the contents of /etc/letsencrypt.


Remember that you need to:

  • Securely transfer the files, as the private key needs to be kept private;
  • Don't dereference symbolic links. AFAIK tar keeps symbolic links intact by default, so that's good, but for example zip requires the -y option or otherwise you'll end up with an archive without symbolic links, which will confuse Certbot and will give an error when renewing.

I used sudo tar -chvzf certs.tar.gz /etc/letsencrypt /etc/newdir
then copied to the new server
scp certs.tar.gz user@

The -h option stands for --dereference, which is what you should NOT do:

   -h, --dereference
         Follow symlinks; archive and dump the files they point to.

This makes that tar won't store symlinks as symlinks, but store the files the symlink is pointing to. Which is the opposite as what my tip above is.


Do you mean simply use by zcvf ?

I'm not sure about the order, but yeah, leave out the h.