Moving fullchain and privkey to a new folder

I need to move the fullchain and privkey to a specific folder so they’re readable by the application Linkurious that runs the domain. The developer who set up the project did it before (so there are keys in that folder) but they have now expired. I created new fullchain and privkey but cannot move them no matter what I try. What do you recommend?

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: database.seneolinktry.com

I ran this command: cp -R ‘/etc/letsencrypt/live/database.seneolinktry.com’ ‘/linkurious/data-lke/cert’

It produced this output: No result, either issues with permission or unclear where /etc/ folder is

My web server is (include version): I’m running a AWS instance of Ubuntu

The operating system my web server runs on is (include version): Apache

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): I don’t know

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): 0.27.0

1 Like

Two things:

  • you’ll need root access to access the private keys under the /etc/letsencrypt/ directory (and I see you do not know if you have root access… That’s probably going to be an issue. You could run whoami on the command line to see what user you’re logged in. If not root, you should check if you can use sudo.)
  • the files in the /etc/letsencrypt/live/ directory are actually symbolic links to the most recent versions of those files in the corresponding /etc/letsencrypt/archive/ directory. So you need to make sure you don’t just copy the symbolic links, because they are relative and won’t be pointing to an actual file.
2 Likes

For the purposes of automatic renewal, the setup steps can be done as part of a --deploy-hook:

  • Copy the certificate and private key files, dereferencing symlinks (cp -L)
  • Change ownership of the copied files
  • Restart Linkurious to make the new certificate take effect

You can find some info on deploy hooks at https://certbot.eff.org/docs/using.html#renewing-certificates

2 Likes

How does this actually work? Does it make a new symlink pointing to the same location?

(Can we actually have symlinks to symlinks to files?)