I have generated a certificate by certboot which works without any problem. I have stored all generated files under the directories “conffigs” and “logs” so all generated data and pem files exist. The problem is that I have recently re-installed OS on my machine so all info under /etc/letsencrypt are gone and now certbot cannot find any certificate on my machine if I intend to renew my certificate for instance. Is there any way to import my certificate into letsencrypt so all data will be created automatically under /etc/letsencrypt?
I read some threads about adding all info manually with symbolic links, etc. which I am not really interested in so I would appreciate if you let me know if there is any way to import the certificate using a proper method.
I'm not quite sure I understand this correctly. What directories "configs" and "logs" do you mean? Also, the certbot PEM files are under /etc/letsencrypt/archive/, not in some directory "configs" or logs"?
Where do you want to import the certificates from? Certificates are publically known (in Certificate Transparancy Logs for example), but you also need the private key.. Which are private obviously. So you'll need to import that private key from your own backup.
Perhaps after answering the above questions it might be easy to "import" the files, but most likely I think this thread will end with the advice to just install certbot on your re-installed OS and generate a whole new (set of) certificate(s).
Thanks for your answer. Actually I have all generated files by letsencrypt including public and private keys, certificate and full chain PEM files. Would that be enough to re-construct the structure under /etc/letsencrypt/?
I’m not sure I follow. You say you have every file backed up. In theory yes, that should be enough to “re-construct” /etc/letsencrypt/. But I fail to understand why that is a problem? What specific issue are you running into?
But I have all these data as backup in my home directory and would like to create correct structure out of it in /etc/letsencrypt/ so I would be able to renew my certificate using certbot because I guess certbot will automatically search for certificates in /etc/letsencrypt.
I'm not sure if the correct permissions are copied correctly that way. If you do a ls -l /etc/letsencrypt/ the permissions should look like this:
drwx------ 6 root root 4096 May 20 2018 accounts
drwx------ 38 root root 4096 Jan 6 19:55 archive
drwxr-xr-x 2 root root 4096 Feb 25 2016 certs
-rw-r--r-- 1 root root 1085 May 20 2018 cli.ini
drwxr-xr-x 2 root root 20480 Jan 6 19:52 csr
drwx------ 2 root root 20480 Jan 6 19:52 keys
drwx------ 37 root root 4096 Jan 6 19:55 live
-rw-r--r-- 1 root root 1619 Jan 14 2018 options-ssl-apache.conf
drwxr-xr-x 3 root root 4096 Jan 6 19:55 renewal
drwxr-xr-x 5 root root 4096 Jan 14 2018 renewal-hooks
Also:
for the files in accounts:
-rw-r--r-- 1 root root 66 May 20 2018 meta.json
-r-------- 1 root root 3169 May 20 2018 private_key.json
-rw-r--r-- 1 root root 961 May 20 2018 regr.json
everything in archive seems to be -rw-r--r-- here.. Not sure if that's correct, private key having that permission although I can remember a few threads about it saying the permissions on the directory are already strict so it's fine
everything in certs is -rw-r--r--
everything in csr is -rw-r--r--
everything in keys has permission -rw-------
everything in live are symbolic links, so no permissions to set there
everything in renewal has -rw-r--r--
I don't have any hooks, but shouldn't be to hard to figure that out