Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
The operating system my web server runs on is (include version):Debian 12
My hosting provider, if applicable, is: my own servers
I can login to a root shell on my machine (yes or no, or I don't know):yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): n/a
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 2.11.0
Copied certs and root CA (Lets Encrypt) from current/old hosting platform so don't have the CSRs.
They are installed on my own web servers and HTTPS secure but certificates run out Dec 30th and would like to know the command to set up in certbot in order to renew before then or before they are revoked (if thats still a thing)
Sorry but new to certbot and had just got my head round openssl but so far been unsuccessful in getting a self-signed certificate/my own root CA to get the green light .. maybe a DNS thing as until today it was split.
I cannot connect to your domain using HTTP or HTTPS. You should review your comms config to open access to at least port 80 (for now) from the public internet. The Let's Debug test site is good to test: Let's Debug
I don't understand what you actually copied over but for your case I would recommend just installing Certbot fresh and requesting a new cert for your new Apache system. You don't need to carry over anything from the prior machine and if it was just one cert anyway that isn't much benefit for that.
If you think your Apache should work with self-signed then you also need to review port 443. Because I can't reach your domain on that port either.
thanks for getting back so quickly. I have my firewall locked down as I've also moved DNS back to my domain registrar in last hour.
Wanted to have SSL in place to test things out before internally before firing up the sites again.
Old school, I copied over certs (jam2it, CA) & key over in their in encrypted text formats and re-saved them with an appropriate file type, and hooked them up in the apache virtual host files.
Seemed to recall from log time ago that you can create csr from the certificate not sure if certbot can do that ... just wanted some pointers because I didn't want to confuse myself between openssl and certbot commands.
Also conscious that the hosting company had acme challenge configured so assume that was to identify a trusted server via DNS and the host directory.
Will have a test page up on 80/443 later as I've got a few errands to run before i check through my HHTP>HTTPS re-directs.
Its actually a few more but they had been wrapped up in a SAN certificate which expired last month. As they are all related, I may lump them together but appeared as attached to my domain - they are associated businesses. (see below)
My issue was I couldn't get an openSSL certificate to stop the browsers moaning about them being untrusted. Tried many options with no joy. But thought that may simply have been because of the DNS location, despite my server being part of the chain, the SOA for domain was with the hosting companies nameservers and maybe for another 48-72 hours.
Please note that usually certs and their associated private keys, as retreived and generated by Certbot, are not encrypted but simply PEM encoded which can be decoded by anyone without any problem.
So unless you've encrypted the PEM files thoroughly yourself, you should not transfer the files over an unsecure medium.
That sounds like a single cert with multiple SANs. The common name of the cert isn't much use.
A self-signed cert will not be trusted unless you manually trust it on the client you check from. A cert from a public Certificate Authority will be trusted.
To do a "quick start" on a new system you could copy the Certbot ../live/fullchain.pem and ../live/privkey.pem to the new system. Put it in a secure place but not in any folder related to /etc/letsencrypt (maybe like /etc/ssl/...). Then have Apache refer to those two files and test until you get valid connection. Ideally this cert will have sufficient time before expiry to cover your test cycle.
Once you permanently switch your DNS to the new server then work on getting Certbot setup and Apache using those certs.