How to backup and restore Let's Encrypt Ubuntu server

Let’s say on my LAMP Ubuntu server I install Let’s Encrypt to move the site to HTTPS, and something happens to the server and I need to move to a new server and then recover from backup.
What’s the process to back up Let’s Encrypt, and then in the new server, how do I go about getting Let’s Encrypt working again and restoring the certificate again?

Hi @mhweb,

That depends on what client software you're using. There are over 50 options, and none of them are actually called "Let's Encrypt" now, as that name is used only for the certificate authority service.

For most people in most situations the easiest option is simply to get a new certificate on the new server and completely ignore the existence of the old certificate. There is no restriction on the simultaneous existence and validity of overlapping or identical certificates, except for Let's Encrypt's own rate limits.

However, if you only have one site and the server migration is a one-time or infrequent event, the rate limits shouldn't affect you at all in this circumstance.

If you do want to keep using your existing certificate or setup, you'll have to back up certain directories and make sure that they're installed on the new server in the same way that they were on the old server. For example, with Certbot, you can back up and migrate the /etc/letsencrypt directory (including symbolic link structure). Then Certbot would see the old certificates and configuration and continue using them, assuming that the configuration of the server is otherwise similar enough that whatever authentication method was used to prove control of the domain also works in the same way on the new server. But again, most people in most circumstances would probably find it more straightforward to start from scratch.

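An added example, not part of the original posts and not Certbot's own tooling: shell functions for the /etc/letsencrypt backup path described in the reply above, keeping the symbolic link structure and checking it after the restore. The function names are hypothetical; the check assumes Certbot's usual layout, where live/<name>/*.pem are symlinks into archive/<name>/.

```shell
#!/bin/sh
# Added example (hypothetical function names), assuming Certbot's usual layout:
#   <dir>/live/<name>/*.pem  ->  ../../archive/<name>/*N.pem

# backup_le SRC_DIR ARCHIVE: archive the tree with symlinks stored as symlinks.
backup_le() {
    # The tree holds private keys, so create the archive owner-readable only.
    ( umask 077 && tar -C "$(dirname "$1")" -czf "$2" "$(basename "$1")" )
}

# restore_le ARCHIVE DEST_PARENT: unpack under DEST_PARENT, keeping file modes.
restore_le() {
    ( umask 077 && mkdir -p "$2" && tar -C "$2" -xzpf "$1" )
}

# check_le_links LE_DIR: succeed only if at least one live/*/*.pem exists and
# every one is a symlink that resolves to a regular file.
check_le_links() {
    bad=0
    n=0
    for f in "$1"/live/*/*.pem; do
        # An unmatched glob leaves the literal pattern; skip it.
        [ -e "$f" ] || [ -L "$f" ] || continue
        n=$((n + 1))
        if [ ! -L "$f" ]; then
            # Typical result of a copy that followed links (cp -L, scp -r).
            echo "not a symlink: $f"
            bad=1
        elif [ ! -f "$f" ]; then
            echo "dangling symlink: $f -> $(readlink "$f")"
            bad=1
        fi
    done
    [ "$bad" -eq 0 ] && [ "$n" -gt 0 ]
}

# Usage on real servers (run as root; paths are the Certbot defaults):
#   old server:  backup_le /etc/letsencrypt /root/letsencrypt-backup.tgz
#   new server:  restore_le /root/letsencrypt-backup.tgz /etc
#                check_le_links /etc/letsencrypt
```

The archive contains the certificate private keys and the ACME account key, so move it over an encrypted channel and delete the copy once the restore is verified.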

Thanks for the reply, I’m using the python-certbot-apache package on an Ubuntu server with Apache server.

So, repeating what you said, I just simply need to go through the initial installation again, and I’ll be fine, right?

I have one more question:

I use the http://example.com domain, and as far as I can tell http://www.example.com gets automatically redirected to http://example.com. Do I need to get a certificate for both?
For example using this command: sudo certbot --apache -d example.com -d www.example.com
I received an error saying Failed authorization procedure. www.example.com urn:acme:error:connection The server could not connect to the client to verify the domain. DNS problem. NXDOMAIN looking up for A for www.example.com

I ended up adding a CNAME in the DNS manager of my hosting provider, and then I tried the sudo certbot --apache -d example.com -d www.example.com command again, at which point I was presented with 3 different default.conf, and selected 000-default-le-ssl.conf. While I successfully ended up getting the certificate, I’m not sure I did the right thing, or I never needed to get a cert for the WWW.example.com. Watching different instructional videos, they say to do it, but I don’t know.

You definitely need one that covers both. The connection - and certificate validation - occurs before the server responds with a redirect. If you only have a certificate that covers example.com, then anyone connecting to www.example.com will be presented with a security warning for name mismatch.

