'save' a certificate before rebuilding server?

I'm trying to get jitsi working on an OpenVZ 7 server from flipperhost and having to wipe the server and restart to fix lots of repository issues and other obstacles. I may do this 7 times in an hour depending on where and how I fail as I'm documenting what I'm doing.

This means that I'm rerunning certbot and generating new (old) credentials each time - which obviously has a limit.

Can I copy my certificates 'somewhere' and then restore them to my system as if I reran certbot on a virgin install (no nginx/no apache) and then have them 'work'?

What files do I copy off and then back on and are there any other steps I need to take?



Yes. Certificates and their private keys are nothing more than files.

Well, as far as I know, the Jitsi package is quite custom. I don't think it has regular certbot options. But with a regular certbot, you'd backup /etc/letsencrypt. Note: you've got to preserve symbolic links on backup and restore.


the certbot command I use to generate the certificates is:

certbot certonly --standalone --preferred-challenges http-01 --agree-tos --no-eff-email -m andrew@emaildomain.com -d meet.myjitsidomain.com

I have an A record for meet.myjitsidomain.com

Do I also need to do something to copy file ownership/groups? I'd be re-installing with the same user/same generic install?

What set of either tar or rsync commands (both ways, please) could I use to go from A->B and then B->A and end up where I was?

Thanks for the first (and hopefully second) response.


AFAIK tar has an "archive" option which will preserve almost anything, from owner, dates to as far as I know symbolic links too. See man tar.

And if you've used "regular" certbot without the scripts from Jitsi, you can just backup and restore /etc/letsencrypt.