We have a letsencrypt cert on a server right now and after Ubuntu 18.04 is released, we plan to do a fresh re-install of the server.
My gut feeling would be for letsencrypt to only keep/transfer the static info (account, maybe private key - which could then be stored along with the server (re-)install scripts instead of having to pluck something out of an (offsite) backup) and not the dynamic info (the 90 day cert), but from searching, my impression is that the only options are to copy the whole /etc/letsencrypt/ directory or to start from scratch with a new cert and new account (seems a bit wasteful to for no reason ditch/zombie a perfectly fine account and make a new one…).
Is there any supported in-between to start with for certbot-auto between “no /etc/letsencrypt/ at all” and “the full contents of /etc/letsencrypt/”?
Something like supplying just the (static)
/etc/letsencrypt/accounts/acme-v01.api.letsencrypt.org/directory//.json
or
/etc/letsencrypt/accounts/acme-v01.api.letsencrypt.org/directory//.json
and
/etc/letsencrypt/renewal/*.conf
(though the “version =” in there is of course not static, but a variable, so I’m not sure if that could break something on mismatches…)
or maybe one of the above plus the /etc/letsencrypt/keys/.pem or /etc/letsencrypt/live//privkey.pem symlink and its /etc/letsencrypt/archive/privkey1.pem file?
(For simplicity I prefer to create/use the same procedure/scripts/files for a planned server upgrade/re-install as I would for “oops, the server just went up in flames, so now we need to get a replacement up in as few steps as possible”, so I prefer the server’s DB dump to be the only dynamic content I need to fetch from backup…)