Migrating account from certbot to Google Acme?

I have an existing account set up originally with the official letsencrypt-auto (now certbot) client. I would like to migrate to using the Google ACME client.

Anyone have suggestions for how to migrate my account key / registration? I imagine that I’ll need to extract the key from one of the JSON files, but any specific tips?

(Yes, I know I could just generate a new account, but I’d prefer to migrate if possible.)

Unfortunately, certbot (which is the new name for the official client) doesn’t have any sort of account “export” feature. And my Python skills aren’t good enough to simply tell you how to export it from private_key.json :(

Thanks for the help. I did find some instructions to run a conversion using a Python script Jon Lundy created under “Option 2: Use existing letsencrypt account key”. This seems to have created the proper converted private key.

Now I’m just trying to get it to use it with the Google ACME client. It is recognized, but says that the registration key is already in use. So I’m making some progress.

Okay, got this mostly working…

Now that I had the key converted, I just needed to create an account.json file. Simply ran the command to generate an account using the staging URI and then modified that to point to the Prod URI.

Still need to generate my certificates, but things are at least running now.

Alright, I documented how to do this migration in the Migrating a Let’s Encrypt account created with certbot to Google acme section of a blog post.

Basically, you need to do a few things:

  1. Create an account.json file based on a sample on the aforementioned blog page and place it in the $HOME/.config/acme/ directory
  2. Convert your account key as stored in the private_key.json file from certbot into a standard RSA key file named account.key
  3. Verify things are working with the acme whoami command, and accept the latest terms of service, using acme update -accept, if necessary

Hope this helps others.
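Step 2 above, sketched as an added example (not code from this thread, the linked blog post, or Jon Lundy's script). It assumes private_key.json holds an RSA private key in JWK form and that a "standard RSA key file" means a PKCS#1 PEM; SAMPLE_JWK is a constructed toy key, and all function names are hypothetical.

```python
import base64, json, os

# Constructed toy key (p=61, q=53), far too small for real use; illustration only.
SAMPLE_JWK = {"kty": "RSA", "n": "DKE", "e": "EQ", "d": "CsE",
              "p": "PQ", "q": "NQ", "dp": "NQ", "dq": "MQ", "qi": "Jg"}
# JWK member names in the order PKCS#1 RSAPrivateKey lists them after the version.
FIELDS = ("n", "e", "d", "p", "q", "dp", "dq", "qi")

def b64url_to_int(value):
    """Decode an unpadded base64url JWK member to an integer."""
    padded = value + "=" * (-len(value) % 4)
    return int.from_bytes(base64.urlsafe_b64decode(padded), "big")

def der_len(n):
    """DER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def der_int(i):
    """DER INTEGER, sized so the top bit is clear and the value stays positive."""
    body = i.to_bytes(i.bit_length() // 8 + 1, "big")
    return b"\x02" + der_len(len(body)) + body

def jwk_to_pkcs1_pem(jwk):
    """Serialise an RSA private JWK as a PKCS#1 'RSA PRIVATE KEY' PEM string."""
    if jwk.get("kty") != "RSA":
        raise ValueError("not an RSA JWK")
    missing = [f for f in FIELDS if f not in jwk]
    if missing:
        raise ValueError("JWK lacks private members: " + ", ".join(missing))
    body = der_int(0) + b"".join(der_int(b64url_to_int(jwk[f])) for f in FIELDS)
    b64 = base64.b64encode(b"\x30" + der_len(len(body)) + body).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return ("-----BEGIN RSA PRIVATE KEY-----\n" + "\n".join(lines)
            + "\n-----END RSA PRIVATE KEY-----\n")

def convert_file(src, dst):
    """Convert a JWK file to PEM; dst is created with mode 0600, never overwritten."""
    with open(src) as fh:
        pem = jwk_to_pkcs1_pem(json.load(fh))
    fd = os.open(dst, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as out:
        out.write(pem)
```

Comparing the modulus of the written key with the original (for example with openssl rsa -noout -modulus) before pointing the client at it confirms the conversion kept the same account key.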
