Regular backups of certificates

Hey guys. I just wanted to ask a quick question regarding this topic since it's been a while since the last answer: should one create regular backups of certificates or can I just re-run certbot to get new ones in case my server was rebuilt/migrated?

Thanks and my apologies if this was answered before: I searched and couldn't find a recent answer.

Basically nothing has changed since then. As long as your usage is within Rate Limits you are free to start from scratch. But if you happen to represent a big org with a Rate Limits Adjustment on your account—make sure to at least have your account key/info backed up.

2 Likes

I would suggest that a good practice is to snapshot your server regularly so that you can recover instantly (e.g. restore your snapshot, then restore the latest version of any databases/media file backups you have).

Most cloud providers offer regular VM backups (if that's what you're using). Rebuilding a server from scratch is great if you can do it (and have a written procedure for doing so), but most people can't because they fail to document all the finer points of their configuration. For any recovery procedure you should assume you are not the one following it.

If you are recovering backups of certificates then there will be associated web server config (to use those certificates) and ACME client config (renewals, account keys etc).

2 Likes
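
The ACME client state named in the post above (certificates, renewal settings, account keys), archived in an added example that is not part of the thread. It assumes certbot's default directory layout (`accounts/`, `archive/`, `live/`, `renewal/` under `/etc/letsencrypt`); the function name and output path are hypothetical.

```shell
#!/bin/sh
# Added example: archive an ACME client's state so a rebuilt server can resume
# renewals without re-registering or re-issuing.
# Assumption: certbot's default layout under its config directory.

backup_acme_state() {
    src=$1    # certbot config dir, /etc/letsencrypt by default
    out=$2    # destination archive path (hypothetical; choose your own)

    # accounts/ = ACME account key, renewal/ = per-certificate renewal config,
    # archive/ = issued certs and keys, live/ = symlinks the web server reads.
    for part in accounts archive live renewal; do
        if [ ! -d "$src/$part" ]; then
            echo "backup_acme_state: missing $src/$part" >&2
            return 1
        fi
    done

    rm -f "$out.tmp"
    (
        # The archive holds private keys: create it owner-readable only.
        umask 077
        # No -h: live/ entries must stay symlinks into archive/, which
        # certbot expects when it next renews.
        tar -C "$src" -czf "$out.tmp" accounts archive live renewal
    ) || { rm -f "$out.tmp"; return 1; }

    # Publish only an archive that lists cleanly and contains a private key.
    if ! tar -tzf "$out.tmp" | grep 'privkey' >/dev/null; then
        rm -f "$out.tmp"
        return 1
    fi
    mv "$out.tmp" "$out"
}

# Usage (run as root): backup_acme_state /etc/letsencrypt /root/acme-state.tgz
```

Web server configuration that points at these certificates lives outside this directory and needs its own backup.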

I'm not sure if Let's Encrypt is very happy about companies with a large rate limit suddenly re-issuing a whole bunch of certificates :wink:

Backups should be part of the regular business, sooooo..

3 Likes

Well, yes, with cautions already noted about rate limits.

But sometimes Let's Encrypt is down. Or there may be a networking or other problem between you and LE temporarily preventing issuance.

This is just to say getting a cert is not always instant. It usually is, and people get in the habit of thinking it is. So thought I'd mention it :slight_smile:

4 Likes