How to maintain same account while migrating servers

Hey folks,

We are migrating our servers and I was wondering how to maintain the same let's encrypt accounts (id, keys).

We have two use cases

  1. We are using certbot to generate few wildcard certificates. Would it be enough here just to copy over the content of /etc/letsencrypt/accounts/{account_id}/* to the new server ?
    Anything else we need to copy over ?

  2. We are using lua-resty-auto-ssl which in turn uses dehydrated to dynamically generate certificates for our clients. We are using dedicated account to generate thousands of certificates. I assume it's important to maintain the same account. Would appreciate any guidance on how to properly copy over the account info.


1 Like

In the first case, it would at least also need the DNS API information (to be able to continue issuing wildcard certs) and might also need renewal information which in-turn would need the related live / archive information.
In short, I would copy the entire /etc/letsencrypt/ over.

In the second case, it is unclear if DNS or HTTP authentication is (or both are) being used.
Both would require additional files to migrate smoothly.
To cover all bases, I would also copy over all related directories.
[more than enough is much better than not enough]


Thanks @rg305 !

For the 1st use case we do it currently manually every 3 months hence there is no automatic DNS configs yet in place. We add txt records manually and then hit verify. After checking indeed seems there are many other useful config files in the /etc/letsencrypt/ folder. We will just copy it over.

For the second use case http auth method is being used and we have similar folder under /etc/resty-auto-ssl/letsencrypt/ we will just move that over and I think that's it.

Thanks again


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.