rap-2-h

Reputation: 32078

Copied a Let's Encrypt certificate from one server to another, how to auto renew?

I have just copied an SSL certificate (generated via Let's Encrypt certbot) from one server (A) to another (B). So, I have created a custom directory on my new server, let's say /home/my-certificate/, and copied the fullchain.pem and privkey.pem from (A) to (B). Everything works, the server is alive, the certificates are OK. Now I want to enable auto-renew on the new server (B). How can I do that?

Upvotes: 8

Views: 11031

Answers (3)

Sethuraman Srinivasan

Reputation: 1606

In addition to Druss's answer, a few more steps need to be followed.

The solution provided will encounter problems when you try to renew the certificate.

To resolve this issue, a new certbot account should be registered, and the conf file should be edited to point to the new account. I followed the steps provided in this link.

Upvotes: 0

druss

Reputation: 1880

You need to copy the letsencrypt renewal config to the new server, and then modify the nginx config to point to the new, custom location: /home/my-certificate/

I would suggest moving your certs to the exact same location on the new server; in this case, you can just copy and paste the certs and config without any modification.

Here is the list of steps:

  1. Archive certificates on the old servers
  2. Move them to a new server
  3. Extract to the correct location
  4. Create symlinks
  5. Redirect domain

Based on this article

Upvotes: 2

tialaramex

Reputation: 3801

Two good options stand out:

  1. Copy the Let's Encrypt certbot metadata from A to B as well, then install and continue to use certbot to renew as usual. This metadata is kept in /etc/letsencrypt/ and it tracks how your certificate was issued, from which certbot will conclude how it should renew it.

OR

  2. Install certbot and perform a fresh certificate request on B, any time between now and when the existing certificate would expire. Assuming the certificate is for the exact same list of FQDNs this will only count against the per-certificate limit of 5 such requests per week, which is fine unless you're going to do this transition every day or you keep screwing it up and having to try again.

Upvotes: 6
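
When certbot's state is copied rather than reissued, the renewal config on B has to point at `live/` symlinks and an account directory that actually exist on B, and the private key should not have become readable by other users in transit. The following is an added example, not part of any answer above and not certbot's own code: a shell check for a copied lineage, where `check_lineage` and `make_sample` are hypothetical helper names and `example.test`, `acme.invalid` and the account id are constructed sample values.

```shell
#!/bin/sh
# Added example (not certbot's code): sanity-check a copied lineage on server B.
# Usage: check_lineage ROOT NAME   e.g. check_lineage /etc/letsencrypt example.com
check_lineage() {
    root=$1; name=$2; conf="$root/renewal/$name.conf"; bad=0
    [ -f "$conf" ] || { echo "missing renewal config: $conf"; return 1; }
    # Each path in the renewal config must be a live/ symlink that still resolves.
    for key in cert privkey chain fullchain; do
        path=$(sed -n "s/^$key *= *//p" "$conf" | head -n 1)
        if [ -z "$path" ]; then echo "$key: not set in $conf"; bad=1
        elif [ ! -L "$path" ]; then echo "$key: $path is not a symlink"; bad=1
        elif [ ! -e "$path" ]; then echo "$key: $path is a dangling symlink"; bad=1
        fi
    done
    # The account id under [renewalparams] must exist in accounts/ on this host.
    acct=$(sed -n 's/^account *= *//p' "$conf" | head -n 1)
    if [ -z "$acct" ]; then echo "account: not set in $conf"; bad=1
    elif ! find "$root/accounts" -type d -name "$acct" 2>/dev/null | grep -q .; then
        echo "account: $acct not found under $root/accounts"; bad=1
    fi
    # Flag a private key whose mode grants read access to "other".
    pk=$(sed -n 's/^privkey *= *//p' "$conf" | head -n 1)
    if [ -n "$pk" ] && [ -n "$(find -L "$pk" -perm -004 2>/dev/null)" ]; then
        echo "privkey: $pk is world-readable"; bad=1
    fi
    return $bad
}

# Constructed sample tree imitating /etc/letsencrypt (all names are made up).
make_sample() {
    root=$(mktemp -d); name=example.test; acct=0123456789abcdef
    conf="$root/renewal/$name.conf"
    mkdir -p "$root/live/$name" "$root/archive/$name" "$root/renewal" \
             "$root/accounts/acme.invalid/directory/$acct"
    : > "$conf"
    for f in cert privkey chain fullchain; do
        : > "$root/archive/$name/${f}1.pem"
        ln -s "../../archive/$name/${f}1.pem" "$root/live/$name/$f.pem"
        echo "$f = $root/live/$name/$f.pem" >> "$conf"
    done
    chmod 600 "$root/archive/$name/privkey1.pem"
    printf '[renewalparams]\naccount = %s\n' "$acct" >> "$conf"
    echo "$root"
}

demo=$(make_sample)
check_lineage "$demo" example.test && echo "lineage looks renewable"
rm -rf "$demo"
```

On a real host, run `check_lineage /etc/letsencrypt <your-domain>` as root before relying on `certbot renew`.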
