Migrating SSL/certbot (on Apache) to a new server without downtime - what to copy?

I want to be able to migrate everything to a new server and change the DNS records at the end so I don't have downtime when upgrading server capacity. But certbot doesn't allow you to install a certificate and enable SSL without the DNS A records pointing to the new server. I read elsewhere that you can copy the entire contents of /etc/letsencrypt to the new server. Is that all I need to copy? How about the domain-le-ssl.conf files in /etc/apache2/sites-available? Are there any more files I need to copy over? And do I need to run certbot on the new server once installed? With what options/parameters?

With regard to Certbot: yes.

That depends on how you want to migrate your Apache configuration. If nothing changes between servers with regard to the Apache configuration: sure, by all means, migrate domain-le-ssl.conf too! But if the Apache configuration changes somehow, it might be better to only configure/migrate the HTTP virtualhost and afterwards use certbot install (see the Certbot documentation) to install the migrated certificate into the new Apache configuration.

Not that I know of.

Depends, see above. If everything is migrated over 1:1, then no, otherwise perhaps yes, see above.

Those are stored in the renewal configuration stored in /etc/letsencrypt/.

Please note that for some installation methods of Certbot the cronjob/systemd timer is automatically installed (e.g. snap and most, but not all, distribution-specific methods), but for some other installation methods this is not the case.


Thank you for your answers! I use Ubuntu 22.04 LTS. Will the timer be installed automatically?


When I migrated the /etc/apache2/sites-available folder and the /etc/letsencrypt folder to the new server, my websites were unreachable. Running certbot --apache solved that, but having migrated the domain-le-ssl.conf files too caused the http to https redirect to stop working. I've had to remove the domain-le-ssl.conf files and re-run certbot --apache to regenerate them to get http to https redirection working.
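A check that can be run on the new server after copying /etc/letsencrypt and before switching DNS, as an added example that is not part of any post in this thread. It assumes Certbot's standard layout (live/ holding symlinks into archive/, plus renewal/*.conf); the function name check_le_tree is hypothetical, not a Certbot command.

```shell
#!/bin/sh
# Added example: verify that a copied Certbot tree kept its structure.
# Assumption: standard layout  <root>/live/<name>/*.pem -> ../../archive/<name>/*N.pem
# and one <root>/renewal/<name>.conf per certificate.
# Usage: check_le_tree /etc/letsencrypt   (prints one line per problem, returns 1 if any)

check_le_tree() {
    root="${1:-/etc/letsencrypt}"
    problems=0
    for dir in "$root"/live/*/; do
        [ -d "$dir" ] || continue
        name=$(basename "$dir")
        for f in cert chain fullchain privkey; do
            p="${dir}${f}.pem"
            if [ ! -L "$p" ]; then
                # A copy that followed links leaves regular files here.
                echo "$name: $f.pem is not a symlink (copy did not preserve links)"
                problems=$((problems + 1))
            elif [ ! -e "$p" ]; then
                # Link survived but archive/ was not copied or was renamed.
                echo "$name: $f.pem points to a missing archive file"
                problems=$((problems + 1))
            fi
        done
        # The private key behind the link must not be readable by "other".
        key="${dir}privkey.pem"
        if [ -e "$key" ] && [ -n "$(find -L "$key" -perm -004)" ]; then
            echo "$name: private key is world-readable"
            problems=$((problems + 1))
        fi
        # Renewal settings (authenticator, installer, account) live here.
        if [ ! -f "$root/renewal/$name.conf" ]; then
            echo "$name: renewal/$name.conf is missing"
            problems=$((problems + 1))
        fi
    done
    [ "$problems" -eq 0 ]
}
```

Copying with a tool that preserves symlinks, ownership and modes (for example rsync -a or tar run as root) avoids the first three findings.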
