Switching from dehydrated to certbot

I have used letsencrypt.sh / dehydrated for my servers so far, but would like to switch over to using certbot for my new server. Is there any known way to convert my account information and private keys in dehydrated to one compatible with certbot?

Just asking before I attempt to come up with an solution myself.

1 Like

Hi @pludikovsky

I wouldn’t do that and it’s not required.

  • Create a new account
  • if you create certificates, new keys are created.

So there is no need to transform the old account.

4 Likes

This is interesting: usually people start with certbot and then go to other clients, not the opposite.

Can you tell us why are you switching?

2 Likes

As others said, you don’t have to do that… you can just start new.

HOWEVER…

Certbot stores account information in this directory:

/etc/letsencrypt/accounts/{SERVER}/directory/{ACCOUNT_ID}

there are 3 files:

  • meta.json - info about creating the account
  • regr.json - info about registration
  • private_key.json - RSA key in JWK format

Most other clients store the RSA key in PEM format.

A few weeks ago, the certbot team accepted a PR from me to the josepy package for an example script that shows how to convert JWK to PEM (and vice-versa).

That file is here:

3 Likes

FWIW that’s only one possible account key algorithm. It isn’t universally true that Let’s Encrypt account public keys are RSA, you can also register an ECDSA keypair for the account key.

2 Likes

I knew that, and am trying to figure out why I wrote the incorrect text as I did. Thank you for pointing this out.

2 Likes

I started with letsencrypt.sh (before it was renamed to dehydrated) because at that time

  1. The certbot client required a nasty mix of Python, compiled C, and Perl glue
  2. You had to mangle all that into a working shape because there were no ready to use packages for most stable distros, let alone BSDs

letsencrypt.sh only required bash, openssl, and a few GNU tools.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.