Relocate letsencrypt tree -?

lejeczek · August 11, 2022, 6:07pm

Hi guys.

Copying whole /etc/letsencrypt/ somewhere and then using args with 'certbot' still shows original paths:

alias certbot-apps='certbot --config-dir /apps/etc/letsencrypt --logs-dir /apps/log/letsencrypt'
-> $ certbot-apps certificates
Saving debug log to /apps/log/letsencrypt/letsencrypt.log
...
    Certificate Path: /etc/letsencrypt/live/aki.xyz/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/aki.xyz/privkey.pem

Which I'd image will break 'renewal' - meaning renewal will not put new certs to that other location - right?
What is a correct way to fully "relocate" letsencrypt to be sure auto renew will work?

many thanks, L.

Osiris · August 11, 2022, 6:36pm

The paths as you see in your output are stored in the renewal configuration files, which are located in the /renewal/ subdirectory. There isn't really a "guide" or "method" to relocate Certbot. I guess you'd need to manually (or e.g. use sed) change the paths in the renewal configuration files to the correct ones.

Also note that when copying the /etc/letsencrypt/ directory, you need to make sure this process maintains the symbolic links in the /live/ directory. Some copy processes will dereference the symbolic links to actual files, which is incompatible with Certbot.

jvanasco · August 11, 2022, 6:39pm

Just adding - you should also pass in a unique --work-dir argument. Certbot creates locks, so you run the risk of another certbot process overlapping with yours.

system · September 10, 2022, 6:40pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.