Moving certs from one server to another

I am upgrading some older Ubuntu servers, and one has a client with a LE cert that has been in production for a while. The “new” server will have new ip addresses. I have manually copied over the /live/ folder as a test to the “new” system, and this “works”, at least for now. This is being tested with my hosts file until I feel like its stable, and then I’ll flip the DNS to the new system’s ip.

The “new” system has other LE certs on a different ip.

I am guessing that when the renew script runs, stuff will break. Is there a better way to handle this situation where things have to be moved prior to the DNS changing?


Assuming you’re using certbot?

Nothing should break when you run certbot renew if you only copied the certs and key from the /live/ folder. Renewals are done based on the contents of the configuration files in /etc/letsencrypt/renewal/ and if the new domain isn’t mentioned there, certbot won’t even try to renew it.

When you repoint the DNS, just delete that copy from /live/ and obtain a new cert the normal way. The next renewal should then pick it up correctly.

1 Like

Certbot on this “new” system, yes. Thanks, sounds like a plan then!

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.