How to use the "install" subcommand with existing certs?


#1

I’ve obtained certs earlier, and kept the folder containing all of them while redeploying the server.

As I understand it, the “letsencrypt install …” subcommand is intended to add existing certs to LetsEncrypt. Is this right? And if so, how does the command work? All I got so far is the command below which errors with “No installers seem to be present and working on your system”:

sudo letsencrypt install --cert-path archive/example.com/cert1.pem --key-path archive/example.com/privkey1.pem -d example.com -d www.example.com

PS: Ubuntu 16.04, Nginx, LetsEncrypt via apt-get.


#2

It sounds like you might be missing the python-letsencrypt-apache package, which is separate from python-letsencrypt on Ubuntu, so I’d start with apt-get-ing that.

Not entirely sure on the letsencrypt install syntax and whether it’s included in the version shipped with Ubuntu 16.04, but maybe this’ll be enough to get things working.


#3

I’m using Nginx, not Apache. And I’d rather edit the site configs than have a plugin to do it (if possible).


#4

Sorry, I missed that. “Installation” in the context of certbot means installing your certificate in your server software (e.g. with the apache plugin), as in: changing configuration. It’s not a way to “import” existing certificates from previous installations. As far as I know something like that doesn’t currently exist in certbot.

Restoring your full configuration, keys and certs can be done with something like rsync -a for /etc/letsencrypt. Restoring lineages one by one can be tricky as it would involve multiple files/directories and symlinks, and things might break in unexpected ways during renewal. I’d recommend reissuing rather than attempting to do this (unless you can just rsync everything).


#5

Aha, thanks. That explains a lot. Also, that would be pretty easy. Just to make sure I understand you correctly: All I need to back up/sync is /etc/letsencrypt/* ?


#6

Yep! Everything that needs to be persisted - account keys, renewal configuration, private keys, certificates, etc. - is in that directory.
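
Added example (not part of the original posts, and not certbot's own code): the whole-directory restore discussed in #4 to #6, followed by a check that the copied tree still has working symlinks. The function names are hypothetical, the cp -a fallback is an addition for hosts without rsync, and the sample tree is constructed to mirror certbot's usual layout, where live/<name>/*.pem are relative symlinks into archive/<name>/.

```shell
#!/bin/sh
# Copy a certbot config tree and verify its lineage symlinks afterwards.

# Copy SRC into DEST keeping symlinks, modes, ownership and timestamps,
# as "rsync -a" does. Falls back to "cp -a" when rsync is not installed.
sync_tree() {
    src=$1; dest=$2
    mkdir -p "$dest" || return 1
    if command -v rsync >/dev/null 2>&1; then
        rsync -a "$src"/ "$dest"/
    else
        cp -a "$src"/. "$dest"/
    fi
}

# Report every DIR/live/*/*.pem that is not a symlink to an existing file.
# Returns non-zero if any problem was found.
check_lineages() {
    dir=$1; bad=0
    for link in "$dir"/live/*/*.pem; do
        # Skip the literal pattern when the glob matched nothing.
        [ -e "$link" ] || [ -L "$link" ] || continue
        if [ ! -L "$link" ]; then
            echo "not a symlink (copied without -a?): $link"; bad=1
        elif [ ! -e "$link" ]; then
            echo "dangling symlink: $link"; bad=1
        fi
    done
    return $bad
}

# Constructed sample tree (placeholder file contents, not real keys or certs).
make_sample_tree() {
    root=$1
    mkdir -p "$root/archive/example.com" "$root/live/example.com"
    for f in cert privkey; do
        echo "constructed placeholder" > "$root/archive/example.com/${f}1.pem"
        ln -s "../../archive/example.com/${f}1.pem" "$root/live/example.com/$f.pem"
    done
    chmod 600 "$root/archive/example.com/privkey1.pem"
}
```

On a real host the calls would be sync_tree /path/to/backup /etc/letsencrypt (as root) and then check_lineages /etc/letsencrypt before attempting a renewal.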

