What are the recommendations for moving a domain to a new server?
I am using certificates generated by LE on an existing server (Ubuntu - Nginx - AWS). In planning a migration to a new instance on AWS, should I restore the /etc/letsencrypt directory from backup? Or can I start clean and generate new certificates?
I would greatly appreciate it if anyone could point out the advantages/disadvantages of these approaches. I’m new to this.
You can just copy across the /etc/letsencrypt directory. Make sure to preserve permissions and also transfer securely, as you’re copying the encryption private keys.
Secure transfer can involve sftp/scp, password-protected zip or 7z files, etc.
If you don’t want the hassle or the certificates are close to expiring, you can always start over from scratch. Be aware of the rate limits, if you’ve recently requested the certificates on your current server.
Edit: As mentioned by @schoen below, if you do use 7zip/zip encryption, use a long and random password. 40 characters with symbols, numbers, and upper- and lowercase characters is a good start. SSH is the better option, but anything is better than nothing. The fewer systems involved in moving the data, the better. You’re transferring sensitive material, so remember that paranoia is a very good quality.
I would not suggest using zip or 7z file encryption for this purpose. If you do use file encryption to protect secret keys, make sure you have a long random password.
Another option is rsync over ssh, if you’re transferring from one Unix account to another.
Thanks for the add-on. I’ve edited my post to reflect the paranoia I really should have put in originally.
(Having seen clients transfer sensitive stuff in the clear, anything, even 7zip or zip encryption, is better than nothing.)
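A post-copy check for the "preserve permissions" advice in this thread, added here as an example and not written by any of the posters: it reports certificate links that were flattened or broken during the transfer and private keys that ended up accessible beyond their owner. It assumes certbot's default layout (`live/<name>/*.pem` as symlinks into `archive/<name>/`); the host name `newserver` and the script name `check_le.sh` are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes certbot's default layout:
# live/<name>/*.pem are symlinks into archive/<name>/. "newserver" below is
# a hypothetical host name.
#
# Copy step, run as root on the old server (-a keeps modes, owners, symlinks):
#   rsync -a -e ssh /etc/letsencrypt/ root@newserver:/etc/letsencrypt/

# check_le_tree DIR: print every problem found; succeed only if there are none.
# The body is a subshell "( )" so its variables stay local in plain sh.
check_le_tree() (
    root=$1
    problems=0
    # 1. Entries under live/ must still be symlinks, and must resolve.
    for f in "$root"/live/*/*.pem; do
        if [ ! -L "$f" ]; then
            [ -e "$f" ] || continue    # glob matched nothing
            echo "flattened into a regular file: $f"
            problems=$((problems + 1))
        elif [ ! -e "$f" ]; then
            echo "dangling symlink: $f"
            problems=$((problems + 1))
        fi
    done
    # 2. Private keys must have no group/other permission bits set.
    for f in "$root"/archive/*/privkey*.pem; do
        [ -f "$f" ] || continue
        bits=$(ls -ld "$f" | cut -c5-10)    # group+other part of the mode
        if [ "$bits" != "------" ]; then
            echo "key accessible beyond its owner ($bits): $f"
            problems=$((problems + 1))
        fi
    done
    [ "$problems" -eq 0 ]
)

# Stand-alone use on the new server: sh check_le.sh /etc/letsencrypt
if [ $# -gt 0 ]; then check_le_tree "$1"; fi
```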