Saga
By:
Saga

How do I transfer a Let's Encrypt certificate from one droplet to another?

May 10, 2017 231 views
Let's Encrypt Ubuntu 16.04

I've followed this guide to install a Let's Encrypt certificate on the first droplet: https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-16-04

I'd like to destroy that droplet and instead move the certificate to a new droplet elsewhere. Do I run certbot again on the new droplet? Or do I just copy over the certificate files? If the latter, then how do I configure auto-renewal?

Thanks!

2 comments
  • Yes, the simple option is to install and run Certbot on the new droplet and issue new certificates, just like you did the first time on the old droplet.

    Be mindful of the Let's Encrypt rate limits, but issuing a couple duplicate certificates is far from being a problem.

    https://letsencrypt.org/docs/rate-limits/

  • Seems easier than I thought it would be. Thank you!

1 Answer

Hi @Saga
You can do what @mnordhoff recommends - it's probably the easiest way.
Otherwise you would have to manually copy files from /etc/letsencrypt to the new server.
Just remember that you will get an email alerting you that the old certificate is expiring - you need to ignore those mails, since you are actually using a different certificate on a different server. I think you get two mails around day 80 of the old certificate.

  • If the new certificate is for the same set of names as the old certificate, Let's Encrypt won't send expiration warning emails.

Have another answer? Share your knowledge.