- Let’s encrypt certificates reside in 3 folder inside /etc/letsencrypt/.
- The folders are archive, live and renewal.
- The archive folder contains the real keys, the live contains a symbolic link to the archive file and the renewal contains the site configuration.
- Assuming the certificates for a domain with name mydomain.com has to be moved, the 3 folders will contain each a folder mydomain.com. To move them from the original server, the best tool to use is tar with specific parameters to compress and retain the symbolic links as is.
- In the above case, it should be,
sudo tar -czvf mydomain.com.tar.gz /etc/letsencrypt/archive/mydomain.com /etc/letsencrypt/live/mydomain.com /etc/letsencrypt/renewal/mydomain.com.conf
- The compressed folder should be moved to the new server and can be done with scp as follows:
Scp mydomain.com.tar.gz newserveruser@ip.add.re.ss:/home/newserveruser/
- On the new server, install certbot.
- On the new server, login as root and perform
Cd /home/newserveruser/ && tar -xhzvf mydomain.com.tar.gz -C /
- Visit /etc/letsencrypt/live/mydomain.com and perform an ls -la to check if sym link exists.
- On the old server, remove the certificate and renewal config with
rm /etc/letsencrypt/renewal/mydomain.com.conf
rm -rf /etc/letsencrypt/renewal/mydomain.com