How to use the "install" subcommand with existing certs?

I’ve obtained certs earlier, and kept the folder containing all of them while redeploying the server.

As I understand it, the “letsencrypt install …” subcommand is intended to add existing certs to LetsEncrypt. Is this right? And if so, how does the command work? All I got so far is the command below which errors with “No installers seem to be present and working on your system”:

sudo letsencrypt install --cert-path archive/ --key-path archive/ -d -d

PS: Ubuntu 16.04, Nginx, LetsEncrypt via apt-get.

It sounds like you might be missing the python-letsencrypt-apache, which is separate from python-letsencrypt on Ubuntu, so I’d start with apt-get-ing that.

Not entirely sure on the letsencrypt install syntax and whether it’s included in the version shipped with Ubuntu 16.04, but maybe this’ll be enough to get things working.

I’m using Nginx, not Apache. And I’d rather edit the site configs than have a plugin to do it (if possible).

Sorry, I missed that. “Installation” in the context of certbot means installing your certificate in your server software (e.g. with the apache plugin), as in: changing configuration. It’s not a way to “import” existing certificates from previous installations. As far as I know something like that doesn’t currently exist in certbot.

Restoring your full configuration, keys and certs can be done with something like rsync -a for /etc/letsencrypt. Restoring lineages one by one can be tricky as it would involve multiple files/directories and symlinks, and things might break in unexpected ways during renewal. I’d recommend reissuing rather than attempting to do this (unless you can just rsync everything).

Aha, thanks. That explains a lot. Also, that would be pretty easy. Just to make sure I understand you correct: All I need to backup/sync is /etc/letsencrypt/* ?

Yep! Everything that needs to be persisted - account keys, renewal configuration, private keys, certificates, etc. - is in that directory.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.