Moving certs from one server to another

hal1 · March 9, 2017, 10:09pm

I am upgrading some older Ubuntu servers, and one has a client with a LE cert that has been in production for a while. The “new” server will have new ip addresses. I have manually copied over the /live/ folder as a test to the “new” system, and this “works”, at least for now. This is being tested with my hosts file until I feel like its stable, and then I’ll flip the DNS to the new system’s ip.

The “new” system has other LE certs on a different ip.

I am guessing that when the renew script runs, stuff will break. Is there a better way to handle this situation where things have to be moved prior to the DNS changing?

Thanks.

jmorahan · March 9, 2017, 10:25pm

Assuming you’re using certbot?

Nothing should break when you run certbot renew if you only copied the certs and key from the /live/ folder. Renewals are done based on the contents of the configuration files in /etc/letsencrypt/renewal/ and if the new domain isn’t mentioned there, certbot won’t even try to renew it.

When you repoint the DNS, just delete that copy from /live/ and obtain a new cert the normal way. The next renewal should then pick it up correctly.

hal1 · March 10, 2017, 6:48pm

Certbot on this “new” system, yes. Thanks, sounds like a plan then!

Topic		Replies	Views
Copy /etc/letsencrypt or regenerate to move? Help	7	5151	January 30, 2021
Migrating Certbot and Certificates Between Servers Help	23	12417	August 21, 2017
Migrating to new server, keeping domain name--best method? Help	4	1293	February 25, 2018
Moving DNS01 renewal on a different host Help	8	119	January 26, 2025
Move certs / domain to other server / le-account Help	5	665	September 2, 2021

Moving certs from one server to another

Related topics