Skip to main content

Migrate Let's Encrypt Certificates (Certbot) To New Server

Posted on February 19, 2021

We are assuming a domain name of

Step 1 - Archive SSL certificates

Archive SSL certificates at /etc/letsencrypt/live/ and the renewal configuration file at /etc/letsencrypt/renewal/

sudo tar -chvzf certs.tar.gz /etc/letsencrypt/archive/ /etc/letsencrypt/renewal/

Step 2 - Move archive to new server

scp certs.tar.gz [email protected]:/home/admin/

Replace [email protected] with the destination server info, where admin is a username and new.server.ip is a target server domain or IP.

Step 3 - Extract archive on new server

Log into the new server

ssh [email protected]

Extract archive to correct location

cd /
sudo tar -xvf ~/certs.tar.gz

Step 4 - Create symlinks

For the correct work, you need to create symlinks in the live folder for your domain:

sudo ln -s /etc/letsencrypt/archive/ /etc/letsencrypt/live/
sudo ln -s /etc/letsencrypt/archive/ /etc/letsencrypt/live/
sudo ln -s /etc/letsencrypt/archive/ /etc/letsencrypt/live/
sudo ln -s /etc/letsencrypt/archive/ /etc/letsencrypt/live/

Step 5 - Configure your apache or nginx configurations

Upgrade your web server configuration and restart it.

Step 6 - Test certificate renewal

sudo letsencrypt renew --dry-run

Step 7 - Clean up the old server

Log back to the old server and run

rm /etc/letsencrypt/renewal/
rm -rf /etc/letsencrypt/renewal/