Smooth transition from commercial SSL to Letsencrypt SSL


My domain is:

I’d like to know if the only thing i have to do is remove the lines referring to the commercial SSL certificate.
Run the cerbot command
./certbot-auto certonly --webroot -w /home/domaine/public_html -d

and add the usual lines of code referring to the Letsencrypt certificate in the vhost file?


Hi @refschool,

You should remove nothing till you issued your cert using the command you posted. Once you get your cert, yes, you can replace the paths of SSL directives SSLCertificateFile and SSLCertificateKeyFile to point to the right paths for your LE issued domains.

As you are using Apache 2.4.10, SSLCertificateFile should point to fullchain.pem file.

SSLCertificateFile    /etc/letsencrypt/live/yourdomain.tld/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/yourdomain.tld/privkey.pem

Note: you should change yourdomain.tld for the real one.

Also, take care because this command:

./certbot-auto certonly --webroot -w /home/domaine/public_html -d

Will issue a certificate covering BUT NOT As your current cert covers both, your command should look like:

./certbot-auto certonly --webroot -w /home/domaine/public_html -d,
./certbot-auto certonly --webroot -w /home/domaine/public_html -d -d

Also, the first name specified will name the certificate, so if you put, your certs will be located here:


If you switch the order:

./certbot-auto certonly --webroot -w /home/domaine/public_html -d -d

the cert will be located here:


Hope this helps.



Hi many thanks for the detailed answer.