How do I transfer my certs over to a new VPS?

I want to use my certificate on a different machine; 2 of them I can't use since I reached my limit, and with the first I don't want to make the same mistake.

Best Regards,
Luke

My domain is: uts.blackwolf.host panel.blakwolf.host and blackwolf.host

I ran this command: none

It produced this output : never ran a command

My web server is (include version): 1.14.0

The operating system my web server runs on is (include version): Ubuntu 18.04

My hosting provider, if applicable, is: Google Cloud Compute

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 0.31.0

2 Likes

Welcome to the Let's Encrypt Community, Luke :slightly_smiling_face:

Transferring certificates (and their private keys) for usage with certbot is not entirely straightforward. There's more to a "certbot certificate" than just a certificate and its private key. I started a topic in our lounge category a few days ago that suggests changes to certbot's behavior to address this issue that I hope to see implemented in an upcoming release. You need to be a regular, leader, moderator, or staff to see the topic at the moment, but I might open it up to the public depending upon feedback.

At present, we recommend not copying anything over and just using a clean install to acquire new certificates. This approach avoids so many problems. I could try to guide you through the painful nuances, but even making a single oversight in the process would make the effort more trouble than it's worth.

Once you have your new VPS fully functional, we can guide you through using the staging servers to ensure your setup is solid. Then we can work on getting you real certificates. This will keep you from needing to be concerned about the rate limits.


1 Like

Hmm, in the past I've just copied /etc/letsencrypt and haven't had any issues. Did I just get lucky, or is there state information stored elsewhere? (I'm just curious for my own edification; certainly if changing to a new server isn't an everyday occurrence then yes, probably just getting a new certificate on the new system is the most straightforward approach.)

2 Likes

Considering the symlinks under /etc/letsencrypt along with any configuration changes that may have been made outside of /etc/letsencrypt, more than a little caution needs to be taken. Part of the problem stems from certbot install not always doing what one might expect. This is part of why I have been calling for the addition of backup and restore commands and an overhaul of install for some time now. If your configuration is straightforward and well-maintained (and you're proficient with managing things), you are probably fine. I would think a tar archive would be a simple route rather than a straight copy though.

Let's face it, Peter, you're smarter than the av-er-age bear!

:bear:

2 Likes

Pretty sure the av-er-age bear doesn't even know how to copy from one Linux system to another.
So, yes, it is much simpler to have them install fresh and just start over.

2 Likes

We do?
   

2 Likes

Do you want to ensure the integrity of the transfer and mesh the certificates (and their components) with the new configuration? Keep in mind that install is a cruel mistress...

2 Likes

That's for the user to figure out. I recommend tar in combination with a secure transfer method, such as scp. tar will preserve permissions (if untarred with -p if not root) and symbolic links.

The user should be able to copy over any Apache or nginx configuration files themselves.. Not rocket science.

I'd say getting a new certificate is just a last resort.

In any case, I was wondering who "we" were.. :wink:

2 Likes
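An added example, not part of any post in this thread: a check that a copied `/etc/letsencrypt` tree still has its `live/` symlinks intact, next to the tar-based copy suggested above. The function names (`tar_copy`, `check_le_tree`, `make_sample_tree`) and the `example.test` lineage are constructed for illustration.

```shell
#!/bin/sh
# Added example. certbot expects live/<name>/{cert,chain,fullchain,privkey}.pem
# to be symlinks into archive/<name>/; a copy that flattens or breaks them
# leaves a tree certbot cannot renew from.

# Copy SRC_PARENT/letsencrypt to DST_PARENT/letsencrypt through tar.
# tar stores symlinks as symlinks; -p keeps the recorded permissions.
tar_copy() {
    tar -C "$1" -cpf - letsencrypt | tar -C "$2" -xpf -
}

# Print every broken entry under ROOT/live and return 0 only if there is none.
check_le_tree() {
    le_root=$1
    problems=0
    for lineage in "$le_root"/live/*/; do
        [ -d "$lineage" ] || continue
        for pem in cert chain fullchain privkey; do
            link="${lineage}${pem}.pem"
            if [ ! -L "$link" ]; then
                echo "missing or not a symlink: $link"
                problems=$((problems + 1))
            elif [ ! -e "$link" ]; then
                echo "dangling symlink: $link"
                problems=$((problems + 1))
            fi
        done
    done
    [ "$problems" -eq 0 ]
}

# Build a constructed stand-in for /etc/letsencrypt (placeholder files, no real keys).
make_sample_tree() {
    sample=$1
    mkdir -p "$sample/archive/example.test" "$sample/live/example.test"
    for pem in cert chain fullchain privkey; do
        echo "constructed placeholder" > "$sample/archive/example.test/${pem}1.pem"
        ln -s "../../archive/example.test/${pem}1.pem" "$sample/live/example.test/${pem}.pem"
    done
}
```

On a real host the check would be run as `check_le_tree /etc/letsencrypt` after unpacking and before the first `certbot renew --dry-run`.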

For the "somewhat experienced", that works.
For the "complete novice", that's likely to make a mess.

2 Likes

From what I've heard, just clearing out your VPS and starting over cleanly when encountering a mess is very popular nowadays and if you don't issue any new certs, you won't hit any rate limits either :smiley: You can just keep trying and learn :wink:

2 Likes

Those of us urging caution. I mean, if you want to play Evel Knievel, we brought popcorn and will cheer you on.

:popcorn:

:tada: :confetti_ball:

2 Likes

How do I do a clean install if I have an existing domain with letsencrypt? Can I just run sudo certbot --apache?

Thank you.

1 Like

Hi @rbulalakaw, how do you mean "clean install" here? What would you like to accomplish?

1 Like