Move only one domain to another server

Current setup is:

One Let's Encrypt account, but several domains and certificates under that account.

Now I would like to migrate one of those domains/certificates to another machine.

How could that be achieved?

Can I copy over /etc/letsencrypt/ to the new machine and delete the unneeded domains (i.e. the ones that are still running on the old server)?

That would mean, you guys get renewal requests from the same account from two different certbots on two different machines.

Is that possible, or is there another better way?

I don't think this is a problem.

More important: Do you use one certificate with a lot of domains (www.example1.com, example1.com, www.example2.com, example2.com) or do you use only one certificate per domain (with www.example.com and example.com)?

If you use the first, then you should renew with a special option (like "subset").

Thanks a lot for your quick reply.

There is one certificate for every domain with a distinct .conf file under /etc/letsencrypt/renewal/

This isn't prohibited in any way, as long as you don't exceed the rate limits.

However it might be simpler to simply create a new account on the new machine and issue a certificate for the single domain there. It's fine to have simultaneous validity and use of different certificates that refer to the same names.

You can eventually reissue the certificate on the old machine so that it no longer covers the migrated name. @JuergenAuer's reference to --allow-subset-of-names is a possible approach, but a more correct option is to renew by running certbot with --cert-name specifying the certificate name and a list of -d options covering all of the names that you still want to be included in the new certificate (and leaving out those that you don't want to be included).
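For the copy-and-delete route asked about above, the copied /etc/letsencrypt/ tree also carries the private keys of every other certificate, so the new machine should end up with only the migrated one. The following sketch is an added example, not part of the original posts and not certbot's own code: it reads the per-certificate files under renewal/ and prints (without running) a `certbot delete` command for each certificate other than the one being kept. The function names `list_certs` and `prune_plan` are hypothetical, and the example*.com tree is constructed sample data.

```shell
#!/bin/sh
# Added example: plan the cleanup of a copied /etc/letsencrypt tree on the
# new machine. It only prints certbot commands; it never runs them.

# list_certs DIR: print one certificate name per line, taken from the
# renewal/<name>.conf file certbot keeps for each certificate.
list_certs() (
    for conf in "$1"/renewal/*.conf; do
        [ -e "$conf" ] || continue    # no match: the glob stayed literal
        basename "$conf" .conf
    done
)

# prune_plan DIR KEEP: print a "certbot delete" command for every
# certificate in DIR except KEEP. Refuses to plan anything when KEEP has
# no renewal config, so a typo cannot yield "delete everything".
prune_plan() (
    dir=$1 keep=$2
    if ! list_certs "$dir" | grep -qxF -- "$keep"; then
        echo "error: no renewal config for '$keep' in $dir" >&2
        exit 1
    fi
    list_certs "$dir" | while IFS= read -r name; do
        if [ "$name" != "$keep" ]; then
            printf 'certbot delete --config-dir "%s" --cert-name "%s"\n' "$dir" "$name"
        fi
    done
)

# Constructed sample: a throwaway tree with three certificates.
demo=$(mktemp -d)
mkdir "$demo/renewal"
for n in example1.com example2.com example3.com; do
    : > "$demo/renewal/$n.conf"
done
prune_plan "$demo" example2.com
rm -rf "$demo"
```

Review the printed commands before running them on the new machine, and run them only against the copy, never against the old server's tree.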

That’s great and makes everything much simpler for me. Thanks a lot.
