Then I would change the DNS to point to the new IP address. After some time, when the change is propagated, I can connect to the new server via the same domain, and the existing SSL certificates are valid.
But when I attempt to activate the non-interactive mode of certbot to take over from here again:
It succeeds; however, it creates a new folder s2.mydomain.net-0001. It’s messy, and now my own apps are still pointing to the old directory s2.mydomain.net, which will expire in 90 days.
What is the best approach to this problem, please? This should be a common issue (I hope).
@9peppe nothing really happens when I do that. This is a new server where Certbot was never run. Just copying the certs into that folder surely can't be enough. I still should have to run the whole command to get it kicked off on the new server, right?
** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates below have not been saved.)
No renewals were attempted.
No hooks were run.
** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates above have not been saved.)
Are you suggesting to copy the entire /etc/letsencrypt over to the new server?
I have already shown you in my first post that I have copied only the certificates and nothing else. A shame there is no cleaner way. I will try this then and come back.
tar -zcvf ~/lets.tar.gz /etc/letsencrypt
copy over the file
cd /
tar -zxvf lets.tar.gz
As you suggested it keeps the path in place.
The dry run also seems to be a success. I have one last question. The latest certbot (certbot 0.36.0) doesn’t put itself into crontab anymore. How does it know when to rerun the renewal? Can I see somewhere on which day it will try to renew again?
I’m using Ubuntu 19.10, which is at the time of writing this the latest available Ubuntu, so I thought it should have fairly the latest version as of October 2019.
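An added example (not part of the thread, and not Certbot's own code): a shell check to run after moving /etc/letsencrypt to a new server, flagging the conditions discussed above: a missing renewal config, flattened or dangling symlinks under live/, a world-readable private key, or a duplicate -0001 lineage. The live/archive/renewal layout is Certbot's standard one; the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: audit a certbot tree after copying it.
# check_lineage ROOT NAME prints one line per problem; returns 1 if any found.
check_lineage() {
    root=$1; name=$2; bad=0
    # "certbot renew" only processes lineages that have a renewal config.
    [ -f "$root/renewal/$name.conf" ] || { echo "missing renewal/$name.conf"; bad=1; }
    for f in cert chain fullchain privkey; do
        p="$root/live/$name/$f.pem"
        if [ ! -L "$p" ]; then
            # A regular file here means the copy flattened the symlinks.
            echo "live/$name/$f.pem is missing or not a symlink"; bad=1
        elif [ ! -e "$p" ]; then
            echo "live/$name/$f.pem points at a missing archive file"; bad=1
        fi
    done
    # Private keys must not become world-readable during the transfer.
    if [ -n "$(find "$root/archive/$name" -name 'privkey*.pem' -perm -004 2>/dev/null)" ]; then
        echo "world-readable private key in archive/$name"; bad=1
    fi
    # A NAME-0001 style sibling is a second lineage issued for the same name.
    for d in "$root/live/$name"-[0-9][0-9][0-9][0-9]; do
        if [ -d "$d" ]; then echo "duplicate lineage ${d##*/}"; bad=1; fi
    done
    return $bad
}

# Constructed sample tree (empty placeholder files, no real keys).
make_sample_tree() {
    dir=$1; name=$2
    mkdir -p "$dir/archive/$name" "$dir/live/$name" "$dir/renewal"
    : > "$dir/renewal/$name.conf"
    for f in cert chain fullchain privkey; do
        : > "$dir/archive/$name/${f}1.pem"
        ln -s "../../archive/$name/${f}1.pem" "$dir/live/$name/$f.pem"
    done
    chmod 600 "$dir/archive/$name/privkey1.pem"
}

demo=$(mktemp -d)
make_sample_tree "$demo" s2.mydomain.net
if check_lineage "$demo" s2.mydomain.net; then echo "lineage intact"; fi
rm -rf "$demo"
```

On the new server, call `check_lineage /etc/letsencrypt s2.mydomain.net` as root after extracting the archive and before running the renewal dry run.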