Moving certs from one server to another


#1

I am upgrading some older Ubuntu servers, and one has a client with a LE cert that has been in production for a while. The “new” server will have new IP addresses. I have manually copied over the /live/ folder as a test to the “new” system, and this “works”, at least for now. This is being tested with my hosts file until I feel like it’s stable, and then I’ll flip the DNS to the new system’s IP.

The “new” system has other LE certs on a different IP.

I am guessing that when the renew script runs, stuff will break. Is there a better way to handle this situation where things have to be moved prior to the DNS changing?

Thanks.


#2

Assuming you’re using certbot?

Nothing should break when you run certbot renew if you only copied the certs and key from the /live/ folder. Renewals are done based on the contents of the configuration files in /etc/letsencrypt/renewal/ and if the new domain isn’t mentioned there, certbot won’t even try to renew it.

When you repoint the DNS, just delete that copy from /live/ and obtain a new cert the normal way. The next renewal should then pick it up correctly.
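
A check for the situation described in the reply above, added here as an example and not part of the original thread: it lists certificate directories under live/ that have no matching file in renewal/, which are the ones `certbot renew` will skip and which will expire unless replaced. It assumes certbot's default layout under /etc/letsencrypt; the function name, output labels and sample names are made up for this example.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed layout (certbot defaults):
#   <dir>/live/<name>/fullchain.pem   and   <dir>/renewal/<name>.conf
# Certbot-managed certs in live/ are symlinks into <dir>/archive/.

# Print one line per directory under live/ that has no renewal config,
# i.e. a certificate that `certbot renew` will never look at.
# Output: "<name> <kind>", where kind is:
#   copied   fullchain.pem is a regular file (hand-copied, will just expire)
#   symlink  fullchain.pem is a symlink that resolves
#   broken   fullchain.pem is missing or a dangling symlink
unmanaged_certs() {
    le_dir="${1:-/etc/letsencrypt}"
    for d in "$le_dir"/live/*/; do
        # An unmatched glob stays literal; skip it.
        if [ ! -d "$d" ]; then continue; fi
        name=$(basename "$d")
        # A renewal config means certbot owns this one; nothing to report.
        if [ -f "$le_dir/renewal/$name.conf" ]; then continue; fi
        pem="${d}fullchain.pem"
        if [ -L "$pem" ] && [ -e "$pem" ]; then
            kind=symlink
        elif [ -f "$pem" ]; then
            kind=copied
        else
            kind=broken
        fi
        printf '%s %s\n' "$name" "$kind"
    done
}

# Run against the directory given as the first argument, or the default.
unmanaged_certs "${1:-/etc/letsencrypt}"
```

Anything this prints needs a replacement certificate issued on the new server after the DNS change, since no renewal will happen for it.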


#3

Certbot on this “new” system, yes. Thanks, sounds like a plan then!

