I have a server out there that supports HTTPS using a certbot/letsencrypt certificate.
I am doing a general software upgrade so to minimize risks and downtime, I'm installing new releases on a new server on which I import the live server data for tests. When everything works I'll have the DNS record changed to point to the new server.
My question is what should I do for the certificate? Can I just copy over the existing one and let it get renewed when necessary? Or will the certificate be incompatible and/or LE will complain that the address has changed during the auto-renewal process? Will LE be sensitive to reverse DNS (it may take some more delay for the reverse DNS to work). Is there any other problem I didn't think about?
By default, Certbot/Letsencrypt stores their configuration files and generated certificates in
/etc/letsencrypt
. So you just need to install Certbot into the new server and copy the directory from the old one. Of course you're gonna have to configure the webserver (Apache, Nginx, whatever you're using), pointing to the certificates in the new server.You can copy the certificate across it will work. Maybe configure the current server as reverse proxy to the other server and you'll be sorted until you make the final move. I hope I could help :)