I run multiple services on a single server. Now I'm building different servers and distributing the services on them. I get eight different certificates from LE on the old server, some with multiple names (SAN). I would like to know what is the appropriate procedure for distributing these certificates to the new servers and for the time being still being able to leave them installed and also be able to renew them on the old server.
-
I could copy the /etc/letsencrypt/live directory to the appropriate new server depending on the service. What is not clear to me with this procedure is how I can then have these certificates renewed on the new server.
-
The other variant is to obtain the required certificates on each server again. With this procedure, it is not clear to me what happens to the previous certificates and whether they can still be renewed on the old server afterwards. Because it takes a certain amount of time between the installation and the commissioning of the new server, during which the certificates should be installed on both the old system and the new one.
And how do I say at the end that I no longer need the certificates on the old server? Does LE have to know that?