Renewal on a read-only boot drive?

My domain is https://auhrii.dev (site currently mostly broken, read on for details), running on Nginx 1.18 and using certbot 1.12, on Raspberry Pi OS 'bullseye'. I have root shell (and physical) access to the server.

After a cursory search around, the consensus seems to be that renewal changes the cert files on the server, so now I'm wondering if it would be at all possible to have certbot install the certificates elsewhere, preferably on the media drive that holds my site content and databases. I ultimately want to enable overlayfs on the boot drive -- an SD card -- to extend its lifetime, as I just spent the entirety of today rebuilding my server from scratch after the last card succumbed to read/write exhaustion.

I can't find any documentation on certbot installing certs in alternate directories, so I'm wondering what would be best practice here - could I move the certs myself after initial generation and create a symlink or hardlink in their original location, and would certbot be able to work with that?

You have complete control here. Check out the paths section of the certbot command line flags: User Guide — Certbot 2.6.0 documentation

You’ll want to edit all the ones with defaults at least.

4 Likes
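The path options the answer above refers to are `--config-dir`, `--work-dir` and `--logs-dir`. As an added example (not part of the original posts and not certbot's own code), this sketch prepares the three directories on a writable drive, writes a matching `cli.ini`, and checks private-key permissions. The base path and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: relocate certbot's three state directories onto a writable drive.
# BASE (for instance /mnt/media/letsencrypt) is an assumed path, not one from the thread.

# Create config/work/logs under BASE, owner-only, and confirm the filesystem
# supports symlinks (certbot's live/ directory is symlinks into archive/).
prepare_certbot_dirs() {
    base=$1
    for d in config work logs; do
        mkdir -p "$base/$d" || return 1
        chmod 700 "$base/$d" || return 1
    done
    probe="$base/config/.symlink-probe"
    if ! ln -s target "$probe" 2>/dev/null; then
        echo "filesystem at $base does not support symlinks" >&2
        return 1
    fi
    rm -f "$probe"
}

# Emit a cli.ini that overrides the three path options that have defaults
# (/etc/letsencrypt, /var/lib/letsencrypt, /var/log/letsencrypt).
write_cli_ini() {
    base=$1
    out=$2
    cat > "$out" <<EOF
config-dir = $base/config
work-dir = $base/work
logs-dir = $base/logs
EOF
}

# Print any private key under BASE that is readable by group or others.
# Returns 0 only when there are none.
check_key_perms() {
    base=$1
    bad=$(find "$base/config" -type f -name 'privkey*.pem' \
        \( -perm -040 -o -perm -004 \) 2>/dev/null)
    [ -z "$bad" ] || { printf '%s\n' "$bad"; return 1; }
}
```

When moving an existing `/etc/letsencrypt` rather than issuing fresh certificates, copy it with `cp -a` so the `live/` symlinks survive, and update the absolute paths in `renewal/*.conf` and in the Nginx `ssl_certificate` directives. `certbot renew --dry-run` then confirms that renewal works from the new location.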

I'm going to need stronger glasses - I missed that section entirely! Thank you.

1 Like