Query regarding Let's Encrypt certificates

Hi Community Members,

I have generated a Let's Encrypt certificate on my Ubuntu servers, but I'm curious what would happen if my servers crash. How would I recover my certs, or renew my certs if they expire? Is there any way I can zip the whole directory of my server that contains the certs and save it somewhere else, like AWS S3 buckets or any platform recommended by the Let's Encrypt team, then copy that zip file to another server to renew the certs through the certbot command?

Below is the directory which contains my certs:
[image]

You could back up the entire /etc/letsencrypt/ directory. Make sure the application which is doing the backing up and restoring is keeping the symbolic links as they are.

4 Likes

You can, as Osiris says, just back up the entire /etc/letsencrypt/ directory. Note that this will include private keys, so you'd need to either encrypt the backup, keep it somewhere secure, or (ideally) both.

But there's not really a need to do that--if your server crashes, once you rebuild it, just issue another cert. As long as this isn't a frequent occurrence, you should have no problem doing this. The answer's the same if they expire while the server's crashed (though that would mean the server had been down for a month or more)--just issue a new cert once the server is back up.

7 Likes
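
The backup advice in the two replies above (keep the symbolic links as they are, and protect the private keys), as an added example that is not part of any post in this thread. The function names are hypothetical, and the encryption step assumes GnuPG is installed.

```shell
#!/bin/sh
# Added example: back up a certbot directory (/etc/letsencrypt in the thread)
# with its live/ -> archive/ symlinks intact. Function names are hypothetical.

# le_backup SRC_DIR OUT_TAR
# tar stores symlinks as symlinks by default; never add -h (dereference).
le_backup() {
    src=$1; out=$2
    (
        umask 077   # the archive contains private keys: owner-only mode
        tar -C "$(dirname "$src")" -cf "$out" "$(basename "$src")"
    )
}

# le_restore TAR DEST_PARENT
le_restore() {
    mkdir -p "$2" && tar -C "$2" -xpf "$1"
}

# le_check_links DIR
# Succeeds only if every *.pem under DIR/live is a symlink that resolves.
le_check_links() {
    dir=$1; bad=0; seen=0
    for f in "$dir"/live/*/*.pem; do
        [ -e "$f" ] || [ -L "$f" ] || continue   # glob matched nothing
        seen=1
        if [ ! -L "$f" ]; then
            echo "not a symlink (copy dereferenced it): $f" >&2; bad=1
        elif [ ! -e "$f" ]; then
            echo "dangling symlink: $f" >&2; bad=1
        fi
    done
    [ "$seen" -eq 1 ] && [ "$bad" -eq 0 ]
}

# le_encrypt TAR
# Symmetric encryption with GnuPG (prompts for a passphrase); writes TAR.gpg.
# Delete the plaintext tar once the .gpg file has been verified.
le_encrypt() {
    gpg --symmetric --cipher-algo AES256 --output "$1.gpg" "$1"
}
```

Run `le_check_links` against the restored tree before pointing certbot or the web server at it; a tool that flattened the links leaves regular files in live/, which the check reports.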

Two simple ways people do this are to use a deploy hook to:

  1. rsync from one server to another machine.
  2. store in git, either as plaintext against a secure server or encrypted (via blackbox or similar)

There are some highly secure "secrets" vaults/programs that can handle storing the data, and there are some gateways/servers that will natively use secure cloud storage for your certificates.

Keep in mind - the certificates are public info. The certificate private keys, and your account keys, are highly sensitive and must be protected.

4 Likes
