How do I transfer a Let's Encrypt certificate from one droplet to another?

May 10, 2017 2.3k views
Let's Encrypt Ubuntu 16.04
Saga
By:
Saga

I've followed this guide to install a Let's Encrypt certificate on the first droplet: https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-16-04

I'd like to destroy that droplet and instead move the certificate to a new droplet elsewhere. Do I run certbot again on the new droplet? Or do I just copy over the certificate files? If the latter, then how do I configure auto-renewal?

Thanks!

2 comments
  • mnordhoff May 10, 2017

    Yes, the simple option is to install and run Certbot on the new droplet and issue new certificates, just like you did the first time on the old droplet.

    Be mindful of the Let's Encrypt rate limits, but issuing a couple duplicate certificates is far from being a problem.

    https://letsencrypt.org/docs/rate-limits/

  • Saga May 10, 2017

    Seems easier than I thought it would be. Thank you!

Log In to Comment
1 Answer
hansen May 10, 2017

Hi @Saga
You can do what @mnordhoff recommends - it's probably the easiest way.
Otherwise you would have to manually copy files from /etc/letsencrypt to the new server.
Just remember that you will get an email alerting you that the old certificate is expiring - you need to ignore those mails, since you are actually using a different certificate on a different server. I think you get two mails around day 80 of the old certificate.

Reply
  • mnordhoff May 10, 2017

    If the new certificate is for the same set of names as the old certificate, Let's Encrypt won't send expiration warning emails.

Have another answer? Share your knowledge.

Related Questions