I am trying to swap my company’s Let’s Encrypt server as it is old enough to be decommissioned. I already set up a new server with Debian Stretch with NGINX. So, installing certbot was a breeze, no problems at all. Now, I have to migrate the old Let’s Encrypt to the new server.
I heard that copying the contents under /etc/letsencrypt will do the job if the new server will have the same name and IP address. Is it correct? Or, is there any special command that I can use? For example, if I replace the old server with the new one and type ‘certbot renew --nginx -d mydomain’, will it work? The old server has certbot version 0.8.1-2, which I believe is quite old.
I’d like to also ask another question about changing account information. When I looked at the regr.json file on the old system, I found that the old email address is used. Is it possible to change it to a new one?
If it’s possible, I’d like to do this migration via commands as much as I can instead of copying data from here and there. Hopefully, I explained the situation clearly. I would really appreciate any help. Thanks a lot.
It's important to copy /etc/letsencrypt using a method that preserves ownership, permissions, and symlinks, such as tar or rsync. And the IP address need not be the same. But otherwise this is correct.
You may also need to copy your web server configuration as well, or else you will have to configure SSL manually or run certbot install to install your certificate into the new server.
certbot renew doesn't take these arguments. If you have copied /etc/letsencrypt from your old server, running certbot renew by itself will renew any certificates that are expiring and let you know that certbot is ready to renew the ones that aren't expiring soon.
If you do not copy the contents of /etc/letsencrypt, then you would need to run certbot --nginx -d yourdomain.com but without the renew argument.
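One way to do the copy described in the answer above and check the result, as an added example that is not part of the original thread. The function names are hypothetical, and it assumes GNU tar and find (as on Debian) and certbot's standard layout, where the files under live/ are symlinks into archive/:

```shell
#!/bin/sh
# Added example: copy a certbot tree and verify that symlinks and key
# permissions survived. Function names are illustrative, not certbot commands.

# copy_le_tree SRC DST: copy with tar, keeping permissions and symlinks
# (ownership is also kept when run as root).
copy_le_tree() {
    mkdir -p "$2" && tar -C "$1" -cpf - . | tar -C "$2" -xpf -
}

# check_le_tree DIR: return 0 if DIR looks like an intact copy, 1 otherwise.
check_le_tree() {
    root=$1
    rc=0
    [ -d "$root/live" ] || { echo "missing $root/live" >&2; return 1; }
    for f in "$root"/live/*/*.pem; do
        [ -e "$f" ] || [ -L "$f" ] || continue   # glob matched nothing
        if [ ! -L "$f" ]; then
            # A plain file here means the copy followed the symlink; renewal
            # would then update archive/ while the web server keeps reading
            # the stale file in live/.
            echo "not a symlink: $f" >&2; rc=1
        elif [ ! -e "$f" ]; then
            echo "dangling symlink: $f" >&2; rc=1
        fi
    done
    # A private key readable by group or others is a finding (GNU find syntax).
    loose=$(find "$root" -name 'privkey*.pem' -type f -perm /077 2>/dev/null || true)
    if [ -n "$loose" ]; then
        echo "private key too permissive: $loose" >&2; rc=1
    fi
    return $rc
}
```

Between two hosts the same check applies after `rsync -a` or a tar stream over ssh: run `check_le_tree /etc/letsencrypt` on the new server before the first `certbot renew`.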
So, if I understood your comment correctly, without copying anything, if I just issue a command 'certbot --nginx -d mydomain', this will work, correct (of course, I have to configure NGINX)? If so, what is going to happen to the old certificate and private key and CSR? Do they automatically get revoked or expired?