Taking backup of certificate and using it again in case of server termination

Welcome to the community @subodh

Yes, you will need to have a cert in your instance before starting nginx or Apache. They must have any cert and private key files available at startup.

One idea to consider if you are using an AWS Load Balancer (like ELB) is to use an AWS ACM cert in ELB. This avoids needing a cert in your EC2 instances.

Giving specific advice is hard because of the many ways people design complex systems. In general, the "cert" is just a couple files needed at startup. So, whatever methods you use for other files for "seeding" your instance could be used for the cert files too. Some people use S3 or EFS or similar. In short, some persistent storage accessed on instance startup.

Trying to get a new Let's Encrypt cert from each fresh instance is usually not workable. Only 5 identical certs are allowed per week. Certs also take some time to get and may sometimes fail, which is not acceptable for an instance start. You must also consider the time to install certbot unless you have it as part of your instance image.

Here is a thread you might find helpful

5 Likes
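One way to do the startup seeding described in the reply above, as an added example that is not part of the original post: pull the pair from S3, refuse to install it if the key does not match the cert or the cert is about to expire, and start nginx only afterwards. The bucket variable `CERT_BUCKET`, the `tls/` prefix, the `/etc/nginx/tls` directory and the certbot-style file names are assumptions.

```shell
#!/bin/sh
# Added example: seed a TLS cert/key pair from persistent storage at boot.
# Assumed (not from the post): CERT_BUCKET, the tls/ prefix, /etc/nginx/tls,
# and certbot-style file names fullchain.pem / privkey.pem.

# 0 = usable; 1 = file missing or empty; 2 = cert unreadable or expiring
# within min_days; 3 = private key does not belong to the cert.
verify_pair() {
    cert=$1; key=$2; min_days=${3:-7}
    [ -s "$cert" ] && [ -s "$key" ] || return 1
    openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) \
        >/dev/null 2>&1 || return 2
    # The public key in the cert must equal the one derived from the private key.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 3
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 3
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ] || return 3
}

# Validate the staged pair, then install it readable by root only.
# Runs in a subshell so the umask change does not leak to the caller.
install_pair() (
    src=$1; dst=$2
    verify_pair "$src/fullchain.pem" "$src/privkey.pem" || exit $?
    umask 077
    mkdir -p "$dst" || exit 4
    # Copy under temporary names and rename, so a failed copy never
    # leaves a truncated file where nginx will look.
    cp "$src/fullchain.pem" "$dst/fullchain.pem.new" || exit 4
    cp "$src/privkey.pem" "$dst/privkey.pem.new" || exit 4
    mv "$dst/privkey.pem.new" "$dst/privkey.pem" &&
        mv "$dst/fullchain.pem.new" "$dst/fullchain.pem"
)

# Boot entry point: fetch, verify, install, and only then start nginx.
seed_and_start() {
    stage=$(mktemp -d) || return 1
    aws s3 cp "s3://${CERT_BUCKET:?set CERT_BUCKET}/tls/" "$stage/" \
        --recursive --only-show-errors && install_pair "$stage" /etc/nginx/tls
    rc=$?
    rm -rf "$stage"    # do not leave a second copy of the private key behind
    [ "$rc" -eq 0 ] && systemctl start nginx
}

if [ "${1:-}" = "--boot" ]; then seed_and_start; fi
```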