
Copied a Let's Encrypt certificate from one server to another, how to auto renew?

I have just copied an SSL certificate (generated via Let's Encrypt certbot) from one server (A) to another (B). So, I have created a custom directory on my new server, let's say /home/my-certificate/, and copied the fullchain.pem and privkey.pem from (A) to (B). Everything works, the server is alive, the certificates are OK. Now I want to enable auto-renew on the new server (B). How can I do that?

rap-2-h asked May 23 '16 12:05


2 Answers

Two good options stand out:

  1. Copy the Let's Encrypt certbot metadata from A to B as well, then install and continue to use certbot to renew as usual. This metadata is kept in /etc/letsencrypt/ and it tracks how your certificate was issued, from which certbot will conclude how it should renew it.

OR

  2. Install certbot and perform a fresh certificate request on B, any time between now and when the existing certificate would expire. Assuming the certificate is for the exact same list of FQDNs this will only count against the per-certificate limit of 5 such requests per week, which is fine unless you're going to do this transition every day or you keep screwing it up and having to try again.

tialaramex answered Jan 02 '23 23:01


You need to copy the letsencrypt renewal config to the new server, and then modify the nginx config to point to the new, custom location: /home/my-certificate/

I would suggest moving your certs to the exact same location on the new server; in this case, you can just copy and paste the certs and config without any modification.

Here is the list of steps:

  1. Archive certificates on the old servers
  2. Move them to a new server
  3. Extract to the correct location
  4. Create symlinks
  5. Redirect domain

Based on this article

druss answered Jan 02 '23 23:01
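
The archive, extract and symlink steps listed above, as an added example that is not part of either answer. It assumes certbot's standard layout under /etc/letsencrypt (live/ symlinks pointing into archive/, plus renewal/<domain>.conf); the function names, the sample domain and the placeholder tree are constructed for illustration.

```shell
#!/bin/sh
# Added example. Function names and sample data are hypothetical.

# pack_le SRC_DIR OUT_TAR: archive a certbot tree. tar stores symlinks as
# links and -p keeps mode bits; umask 077 keeps the archive itself private.
pack_le() { ( umask 077 && tar -cpzf "$2" -C "$1" . ); }

# unpack_le TAR DEST_DIR: extract on the new server with modes preserved.
unpack_le() { mkdir -p "$2" && chmod 700 "$2" && tar -xpzf "$1" -C "$2"; }

# check_le DIR DOMAIN: return 0 only if the copied tree still has the
# renewal config, working live/ symlinks and a private key that is not
# accessible to group or others.
check_le() {
    dir=$1; dom=$2; rc=0
    [ -f "$dir/renewal/$dom.conf" ] || { echo "missing renewal/$dom.conf"; rc=1; }
    for f in cert chain fullchain privkey; do
        link="$dir/live/$dom/$f.pem"
        [ -L "$link" ] || { echo "$f.pem is not a symlink"; rc=1; continue; }
        [ -f "$link" ] || { echo "$f.pem is a dangling symlink"; rc=1; }
    done
    key="$dir/live/$dom/privkey.pem"
    if [ -f "$key" ]; then
        # ls -lL reports the mode of the symlink target
        case "$(ls -lL "$key")" in
            -???------*) ;;
            *) echo "privkey.pem is group/world accessible"; rc=1 ;;
        esac
    fi
    return $rc
}

# make_sample_tree DIR DOMAIN: constructed placeholder tree (no real keys)
# so the functions above can be tried without touching /etc/letsencrypt.
make_sample_tree() {
    mkdir -p "$1/archive/$2" "$1/live/$2" "$1/renewal"
    for f in cert chain fullchain privkey; do
        echo "placeholder $f" > "$1/archive/$2/${f}1.pem"
        ln -s "../../archive/$2/${f}1.pem" "$1/live/$2/$f.pem"
    done
    chmod 600 "$1/archive/$2/privkey1.pem"
    echo "# placeholder renewal config" > "$1/renewal/$2.conf"
}
```

On real servers the source and destination would both be /etc/letsencrypt, run as root, with `certbot renew --dry-run` as the final confirmation on B.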