Migrate certificates to a new server


In 2016 I created a VM with certbot and have maintained it until now.
But now I have a new VM with Ubuntu 20.04 and certbot installed from scratch.

How can I migrate all certificates from old machine to new machine?

The site settings I know I have to get from /etc/apache2/sites-enabled and some files in the following folders to copy each site's certificate.

  • /etc/letsencrypt/archive/example.com/
  • /etc/letsencrypt/live/example.com/
  • /etc/letsencrypt/renewal/example.com.conf

Is there anything else I should copy?

Just copy the entire /etc/letsencrypt/ directory. Use settings for the application you're using that will make sure symbolic links are preserved.


Couldn't this cause problems due to the difference between the versions installed on Ubuntu 16 and 20?

The recommended method of installing Certbot is by using "snap", so you'd be running the latest version of Certbot regardless of your OS.

That said, there shouldn't be any issue running a newer Certbot with content of /etc/letsencrypt/ from an older version of Certbot. It should be backwards compatible.


If you do it in the other direction, you'll get a warning about possible incompatibilities, but the rate of change in the format of the contents of /etc/letsencrypt has actually been extremely slow, so it's rather unlikely to cause any problems in practice.

And indeed, old-to-newer migration should be fine with every pair of Certbot versions, as far as I'm aware.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.