# Migrate SSL Certificates

https://ivanderevianko.com/2019/03/migrate-letsencrypt-certificates-certbot-to-new-server

## Find the location of Certs

`cat /etc/nginx/sites-available/*`

Locate the paths of the SSL certificates from there, e.g.

`ssl_certificate_key /etc/letsencrypt/live/aney.co.uk/privkey.pem;`

Then find the true location of these files (the ones shown are likely symlinks)

`sudo ls -l /etc/letsencrypt/live/aney.co.uk`

This will potentially show

`lrwxrwxrwx 1 root root 34 Aug 1 15:16 cert.pem -> ../../archive/aney.co.uk/cert1.pem`

Which can be translated to

`/etc/letsencrypt/archive/aney.co.uk/cert1.pem`

You'll also need the renewal config

`/etc/letsencrypt/renewal/aney.co.uk.conf`

### Compress the cert files

`sudo tar -chvzf certs.tar.gz /etc/letsencrypt/archive/aney.co.uk /etc/letsencrypt/renewal/aney.co.uk.conf`

Then move it somewhere easy to access, e.g. a home directory, or /root

`mv certs.tar.gz /home/pi/`

### Add certs to the new server

`scp certs.tar.gz nathan@192.168.1.226:/home/nathan`

## Move Certificates

SSH onto the new server.

Change into the root directory and extract. This will set the correct filepaths

`cd /`

`sudo tar -xvf ~/certs.tar.gz`

### Symlink the certs to the "live" folder

#### If the directory doesn't exist, add it

`sudo mkdir -p /etc/letsencrypt/live/aney.co.uk`

#### Actually do the symlinks

```sh
sudo ln -s /etc/letsencrypt/archive/aney.co.uk/cert1.pem /etc/letsencrypt/live/aney.co.uk/cert.pem
sudo ln -s /etc/letsencrypt/archive/aney.co.uk/chain1.pem /etc/letsencrypt/live/aney.co.uk/chain.pem
sudo ln -s /etc/letsencrypt/archive/aney.co.uk/fullchain1.pem /etc/letsencrypt/live/aney.co.uk/fullchain.pem
sudo ln -s /etc/letsencrypt/archive/aney.co.uk/privkey1.pem /etc/letsencrypt/live/aney.co.uk/privkey.pem
```

### Add SSL certificates to the nginx config

```nginx
ssl_certificate /etc/letsencrypt/live/aney.co.uk/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/aney.co.uk/privkey.pem; # managed by Certbot
```

#### Do it from the other server

`scp /etc/nginx/sites-available/aney nathan@192.168.1.226:/etc/nginx/sites-available/aney_srv`

Rename the existing config if it exists.

`mv aney.co.uk aney.co.uk.PRE-MIGRATE`

Rename the new/existing server's config

`mv aney_srv aney.co.uk`

### Point domain to new server

Change the A records in your DNS to point towards the new server. If it's a new replacement/internal server, the IP for the port forward should be all that's needed.

### Run a Let's Encrypt dry-run

`sudo letsencrypt renew --dry-run`
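
A check to run on the new server after the symlink step and before the dry-run, added here as an example (it is not part of the original notes): it confirms that each `live` symlink resolves, that the private key is not accessible to group or other, and that `privkey.pem` belongs to `cert.pem`. The function names and the script name `check-certs.sh` are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are illustrative.

# check_live_dir DIR: every live/*.pem must be a symlink that resolves to a
# regular file, and the private key must carry no group/other permission bits.
# Prints one line per problem; succeeds only when there are none.
check_live_dir() {
    dir=$1
    problems=0
    for name in cert chain fullchain privkey; do
        link="$dir/$name.pem"
        if [ ! -L "$link" ]; then
            echo "not a symlink: $link"; problems=$((problems + 1))
        elif [ ! -f "$link" ]; then   # -f follows the link to its target
            echo "dangling symlink: $link"; problems=$((problems + 1))
        fi
    done
    if [ -f "$dir/privkey.pem" ]; then
        # ls -L shows the target's mode; columns 5-10 are group and other
        mode=$(ls -lL "$dir/privkey.pem" | cut -c5-10)
        if [ "$mode" != "------" ]; then
            echo "private key accessible beyond owner: $dir/privkey.pem"
            problems=$((problems + 1))
        fi
    fi
    [ "$problems" -eq 0 ]
}

# key_matches_cert CERT KEY: succeeds when the certificate's public key equals
# the public key derived from the private key (RSA or ECDSA).
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# verify_migration DIR: run both checks on one live directory.
verify_migration() {
    check_live_dir "$1" || return 1
    if ! key_matches_cert "$1/cert.pem" "$1/privkey.pem"; then
        echo "privkey.pem does not match cert.pem in $1"; return 1
    fi
    echo "ok: $1"
}

# Run as root, e.g.: sudo sh check-certs.sh /etc/letsencrypt/live/aney.co.uk
if [ -n "${1:-}" ]; then verify_migration "$1"; fi
```

`certs.tar.gz` contains the private key, so delete the copies left in `/home/pi` and `/home/nathan` once the check passes.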