The existing server (where certbot is installed and working) needs to be replaced. I can replace it with a new instance of the same local hostname, DNS name, and IP. However, I don't know exactly what files to copy and restore to the new server so that it will be able to renew our certs when the time comes. I see several in /etc/letsencrypt, but please let me know if others exist. I have about 30 days before I must renew our certs.
Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
Good point rg305! When I tested installing certbot on a new server it did create a new cron job, but I didn't compare it to the old one. We do take advantage of that job to attempt auto-renew, but unfortunately we have so many SANs that one or more of them always gives an issue that needs to be resolved before renew can complete successfully.
I'll be sure to document and recreate the existing cron job.
Right now our architecture won't support that, but yes it is a thing we will have to do at some point, since parts of AWS only support 100 SANs on a cert.