Migrating/renewing LetsEncrypt certificates between hosting providers

No. Just that there was no need to change the DNS for those until you were sure your new system was working well for the other ones. In other words, you use the domains where you did have certs to prove your methods first.

Once you had your methods proven, move those over, change the DNS, and get the certs for them.

3 Likes

You can get a new cert before the DNS change with the --manual plugin (as a temporary step) as mentioned before.

1 Like

Thanks Osiris. Hypothetically, if I were to create a new cert using --manual, then could I set up the renewal configuration manually also? Apart from version and cert paths, if I drop the following config into /etc/letsencrypt/renewal/gnmonlineseminars.com.conf, would that ensure that future renewals for the domain take place automatically as usual in spite of the --manual creation? If that's so, I might go this route, but I'd also need to know where to get the "...account_id..." to put in place below.

[renewalparams]
account = account_id
authenticator = webroot
webroot-path = /path/to/gnmonlineseminars.com/public_html
agree-tos = true
server = https://acme-v02.api.letsencrypt.org/directory

1 Like

Renewals are already included with all certs that are issued.
[certbot will automatically set up a cron or systemd timer to check for cert renewals twice a day]

That said, if you did anything manually during the issuance, the automated renewals will fail :(

You should try to stay away from creating [or editing] any files managed by certbot.

I see that you aim to use --webroot; if that's the case, then you should use that instead of --manual.
--webroot issued certs can be renewed just as easily as they are issued.

2 Likes

Hypothetically that's possible, yes.

Looks alright to me. Automated renewal would of course require a systemd timer/cronjob, but these are usually installed automatically.

You can find the account ID as a subfolder of the ACME server in /etc/letsencrypt/accounts/ somewhere. But if you'd use the --manual plugin to bootstrap the new server, that value would already be filled out, just like server would be.

But as Rudy already mentions: manually editing these files is not recommended. I'd recommend using the reconfigure subcommand with Certbot 2.9.0 (or higher for future readers).

Not when Certbot is installed using pip, FYI.

3 Likes
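
A pre-flight check for the situation discussed in this thread, as an added example that is not part of any post or of Certbot itself: it reads the `[renewalparams]` of a renewal config and reports whether the `account` value exists as a subfolder of the accounts directory for that `server`, and whether the authenticator is still `manual`. The function names, the throwaway sample tree and the account ID are constructed for illustration; hooks for the manual plugin are assumed not to be configured.

```sh
#!/bin/sh
# Added example (not from the thread): lint a Certbot renewal config.

# Print the value of KEY from "key = value" lines, trimming whitespace.
conf_get() {  # conf_get FILE KEY
  sed -n -e 's/[[:space:]]*$//' \
         -e "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | head -n 1
}

# Prints ok | manual | no-account | incomplete; non-zero status unless ok.
check_renewal_conf() {  # check_renewal_conf CONF_FILE ACCOUNTS_DIR
  crc_account=$(conf_get "$1" account)
  crc_auth=$(conf_get "$1" authenticator)
  crc_server=$(conf_get "$1" server)
  if [ -z "$crc_account" ] || [ -z "$crc_auth" ] || [ -z "$crc_server" ]; then
    echo incomplete; return 1
  fi
  # Per the thread: manually issued certs fail automated renewal.
  if [ "$crc_auth" = manual ]; then echo manual; return 1; fi
  # The account ID is a subfolder under the ACME server's host/path.
  if [ ! -d "$2/${crc_server#*://}/$crc_account" ]; then
    echo no-account; return 1
  fi
  echo ok
}

# Build a throwaway tree mimicking /etc/letsencrypt and print its path.
make_sample_tree() {
  mst_dir=$(mktemp -d)
  mst_srv=https://acme-v02.api.letsencrypt.org/directory
  mst_id=0123456789abcdef0123456789abcdef   # constructed account ID
  mkdir -p "$mst_dir/accounts/${mst_srv#*://}/$mst_id" "$mst_dir/renewal"
  for mst_case in "good:$mst_id:webroot" "placeholder:account_id:webroot" \
                  "manual:$mst_id:manual"; do
    IFS=: read -r mst_name mst_acct mst_auth <<EOF
$mst_case
EOF
    printf '[renewalparams]\naccount = %s\nauthenticator = %s\nserver = %s\n' \
      "$mst_acct" "$mst_auth" "$mst_srv" > "$mst_dir/renewal/$mst_name.conf"
  done
  echo "$mst_dir"
}

# Demo: check each constructed sample config.
tree=$(make_sample_tree)
for f in "$tree"/renewal/*.conf; do
  echo "$(basename "$f"): $(check_renewal_conf "$f" "$tree/accounts")"
done
rm -rf "$tree"
```

On a real host the arguments would be a file under /etc/letsencrypt/renewal/ and /etc/letsencrypt/accounts; the `placeholder` case corresponds to leaving the literal `account_id` in the config.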
