Transferring certificates (and their private keys) for usage with certbot is not entirely straightforward. There's more to a "certbot certificate" than just a certificate and its private key. I started a topic in our lounge category a few days ago that suggests changes to certbot's behavior to address this issue that I hope to see implemented in an upcoming release. You need to be a regular, leader, moderator, or staff to see the topic at the moment, but I might open it up to the public depending upon feedback.
At present, we recommend not copying anything over and just using a clean install to acquire new certificates. This approach avoids so many problems. I could try to guide you through the painful nuances, but even making a single oversight in the process would make the effort more trouble than it's worth.
Once you have your new VPS fully functional, we can guide you through using the staging servers to ensure your setup is solid. Then we can work on getting you real certificates. This will keep you from needing to be concerned about the rate limits.
Hmm, in the past I've just copied /etc/letsencrypt and haven't had any issues. Did I just get lucky, or is there state information stored elsewhere? (I'm just curious for my own edification; certainly if changing to a new server isn't an everyday occurrence then yes, probably just getting a new certificate on the new system is the most straightforward approach.)
Considering the symlinks under /etc/letsencrypt along with any configuration changes that may have been made outside of /etc/letsencrypt, more than a little caution needs to be taken. Part of the problem stems from certbot install not always doing what one might expect. This is part of why I have been calling for the addition of backup and restore commands and an overhaul of install for some time now. If your configuration is straightforward and well-maintained (and you're proficient with managing things), you are probably fine. I would think a tar archive would be a simple route rather than a straight copy though.
Let's face it, Peter, you're smarter than the av-er-age bear!
Pretty sure the av-er-age bear doesn't even know how to copy from one Linux system to another.
So, yes, it is much simple to have them install fresh and just start over.
Do you want to ensure the integrity of the transfer and mesh the certificates (and their components) with the new configuration? Keep in mind that install is a cruel mistress...
That's for the user to figure out. I recommend tar in combination with a secure transfer method, such as scp. tar will preserve permissions (if untarred with -p if not root) and symbolic links.
The user should be able to copy over any Apache or nginx configuration files themselves.. Not rocket science.
I'd say getting a new certificate is just a last resort.
From what I've heared, just clearing out your VPS and start over cleanly when encountering a mess is very popular nowadays and if you don't issue any new certs, you won't hit any rate limits either You can just keep trying and learn