Skip to main content

Migrate Let's Encrypt Certificates (Certbot) To New Server

Posted on February 19, 2021


We are assuming a domain name of simpledrupal.com

Step 1 - Archive SSL certificates

Archive SSL certificates at /etc/letsencrypt/live/simpledrupal.com/ and the renewal configuration file at /etc/letsencrypt/renewal/simpledrupal.com.conf/

sudo tar -chvzf certs.tar.gz /etc/letsencrypt/archive/simpledrupal.com /etc/letsencrypt/renewal/simpledrupal.com.conf

Step 2 - Move archive to new server

scp certs.tar.gz [email protected]:/home/admin/

Replace [email protected] with the destination server info, where admin is a username and new.server.ip is a target server domain or IP.

Step 3 - Extract archive on new server

Log into the new server

ssh [email protected]

Extract archive to correct location

cd /
sudo tar -xvf ~/certs.tar.gz

Step 4 - Create symlinks

For the correct work, you need to create symlinks in the live folder for your domain:

sudo ln -s /etc/letsencrypt/archive/simpledrupal.com/cert2.pem /etc/letsencrypt/live/simpledrupal.com/cert.pem
sudo ln -s /etc/letsencrypt/archive/simpledrupal.com/chain2.pem /etc/letsencrypt/live/simpledrupal.com/chain.pem
sudo ln -s /etc/letsencrypt/archive/simpledrupal.com/fullchain2.pem /etc/letsencrypt/live/simpledrupal.com/fullchain.pem
sudo ln -s /etc/letsencrypt/archive/simpledrupal.com/privkey2.pem /etc/letsencrypt/live/simpledrupal.com/privkey.pem

Step 5 - Configure your apache or nginx configurations

Upgrade your web server configuration and restart it.

Step 6 - Test certificate renewal

sudo letsencrypt renew --dry-run

Step 7 - Clean up the old server

Log back to the old server and run

rm /etc/letsencrypt/renewal/simpledrupal.com.conf
rm -rf /etc/letsencrypt/renewal/simpledrupal.com