Differences

This shows you the differences between two versions of the page.

--- linux:certbot_move_cert_to_server [2020/06/17 22:15]
admin created
+++ linux:certbot_move_cert_to_server [2020/06/17 22:20] (current)
admin
@@ Line 40: / Line 40: @@
 Replace admin@sevennet.org with the destination server info, where admin is a username and sevennet.org is a target server domain or IP.
+===== Move SSL certificates =====
+This is a really simple step. Log in to the new server and extract the certificates:
+<code bash>
+ssh admin@sevennet.org
+</code>
+===== Extract to the correct location =====
+Now you need to extract files to the correct location on the new server. Insite archive we already have the correct folder structure, so you can extract it "as is" if you are in the root folder:
+<code bash>
+cd /
+sudo tar -xvf ~/certs.tar.gz
+</code>
+<note>If on the new server you have different Linux distro or custom letsencrypt installation you may need to manually copy files to the correct location.</note>
+===== Create symlinks =====
+For the correct work, you need to create symlinks in the live folder for your domain:
+<code bash>
+sudo ln -s /etc/letsencrypt/archive/divbyte.com/cert2.pem /etc/letsencrypt/live/divbyte.com/cert.pem
+sudo ln -s /etc/letsencrypt/archive/divbyte.com/chain2.pem /etc/letsencrypt/live/divbyte.com/chain.pem
+sudo ln -s /etc/letsencrypt/archive/divbyte.com/fullchain2.pem /etc/letsencrypt/live/divbyte.com/fullchain.pem
+sudo ln -s /etc/letsencrypt/archive/divbyte.com/privkey2.pem /etc/letsencrypt/live/divbyte.com/privkey.pem
+</code>
+===== Point domain to the new server =====
+Update nginx or apache configuration to use new certificates (for nginx):
+<code bash>
+ ssl_certificate /etc/letsencrypt/live/divbyte.com/fullchain.pem; # managed by Certbot
+ ssl_certificate_key /etc/letsencrypt/live/divbyte.com/privkey.pem; # managed by Certbot
+</code>
+Go to your DNS manager and change the A record, so it is pointing to the new server.
+<note>
+At this point, you should have all the content and database migrated to the new server, so you can safely switch your domain to the new server.</note>
+This step is required to successfully run a test renewal:
+<code bash>
+sudo letsencrypt renew --dry-run
+</code>
+You do not need to modify cron tasks for certbot since it's configured in a way that will renew all certificates:
+<code bash>
+sudo cat /etc/cron.d/certbot
+SHELL=/bin/sh
+PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
+*/12 * * * root test -x /usr/bin/certbot -a \! -d /run/systemd/system && perl -e 'sleep int(rand(43200))' && certbot -q renew
+</code>
+That's it, the domain name is pointing to the new server and certificates can be automatically renewed
+===== Cleanup the old server =====
+Now you can remove certificates and renewal config from the old server, execute the following:
+<code bash>
+rm /etc/letsencrypt/renewal/divbyte.com.conf
+rm -rf /etc/letsencrypt/renewal/divbyte.com
+</code>
+Do not forget to change the location (the one you found in the first step)
+And now you can update your Nginx or Apache config and remove the SSL/HTTPS configuration section.

ACIM Personal Knowledgebase

User Tools

Site Tools

Differences

Page Tools