Hi. If I have a small number of domains on a server, is there any real need to back up the /etc/letsencrypt directory given that I can just regenerate the certificates manually anyway if ever I needed to recreate the server? Thanks for your help.
I can think of two things, but they’re both not that big of a deal.
First, if you run into the rate limits while re-creating the server, you might not be able to get a certificate for a week. It’s unlikely to happen with a small number of domains, but you never know, something might go wrong that causes you to request a lot of certificates while restoring your server or something like that. Having a backup of valid certificates would be a bit of a safety net.
Second, without backups of either your account key or your certificate’s private keys, you won’t be able to revoke your certificates. If someone compromises your server, copies and then deletes your keys, there’d be not much you could do to prevent the attacker from using them in MitM attacks until the certificates expire. That said, this is more of a theoretical problem because most server compromises of that nature would also give the attacker the ability to just request new certificates with a private key under the attacker’s control.
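An added example, not part of the posts above: a backup routine that archives the directory with owner-only permissions and then checks that the archive holds the account key and certificate private keys the reply says are needed for revocation. It assumes certbot's standard layout (`accounts/`, `archive/`, `live/`); the function names and the paths in the usage comment are hypothetical.

```shell
#!/bin/sh
# Added example: archive a certbot configuration directory and verify the
# archive contains the key material needed to revoke certificates later.
# Assumes certbot's standard layout under the source directory.
# Usage after sourcing (paths are placeholders):
#   backup_letsencrypt /etc/letsencrypt /root/le-backup.tgz

# verify_letsencrypt_backup ARCHIVE
# Returns 2 if no ACME account key is present, 3 if no certificate private
# key is present, 4 if a live/ entry was stored as a regular file instead
# of a symlink (certbot renewal expects live/ to point into archive/).
verify_letsencrypt_backup() {
    names=$(tar -tzf "$1") || return 1
    printf '%s\n' "$names" | grep -q '^\./accounts/.*/private_key\.json$' || {
        echo "backup has no account key" >&2; return 2; }
    printf '%s\n' "$names" | grep -q '^\./archive/.*/privkey[0-9]*\.pem$' || {
        echo "backup has no certificate private key" >&2; return 3; }
    # In the verbose listing, symlink entries start with 'l'.
    if tar -tvzf "$1" | grep ' \./live/.*\.pem' | grep -qv '^l'; then
        echo "live/ entries were dereferenced" >&2; return 4
    fi
    return 0
}

# backup_letsencrypt SRC_DIR OUT_FILE
# Writes OUT_FILE (outside SRC_DIR) and verifies it before reporting success.
backup_letsencrypt() {
    src=$1
    out=$2
    [ -d "$src" ] || { echo "no such directory: $src" >&2; return 1; }
    # The archive contains private keys, so create it with mode 0600.
    # tar stores symlinks as symlinks by default (no -h), keeping live/ intact.
    ( umask 077 && tar -C "$src" -czf "$out" . ) || return 1
    verify_letsencrypt_backup "$out"
}
```

Store the resulting archive off the server and treat it as key material: anyone who can read it can use the certificates until they expire or are revoked.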