I'm in the process of moving my websites to a new server (VPS). I want to copy the Let's Encrypt certificates of the old server to the new one, so as to have as little downtime as possible when moving the DNS zones. I'm the only one using the VPS.
I'd like to verify whether I'm doing it right, so as to not overlook something. And perhaps there's an even more reliable way, than the way I'm doing it.
My plan is to copy the files specific to Let's Encrypt to the new server, and modify appropriate config files.
As far as I can tell, I need to move these files:
directadmin/conf/letsencrypt.key
directadmin/conf/letsencrypt.key.json
directadmin/data/users/[reseller]/letsencrypt.key
directadmin/data/users/[reseller|user]/domains/example.com.cacert
directadmin/data/users/[reseller|user]/domains/example.com.cert
directadmin/data/users/[reseller|user]/domains/example.com.cert.combined
directadmin/data/users/[reseller|user]/domains/example.com.cert.creation_time
directadmin/data/users/[reseller|user]/domains/example.com.new.tmp
directadmin/data/users/[reseller|user]/domains/example.com.csr
directadmin/data/users/[reseller|user]/domains/example.com.key
directadmin/data/users/[reseller|user]/domains/example.com.letsencrypt_remaining_retries
directadmin/data/users/[reseller|user]/domains/example.com.san_config
And modify this config file:
directadmin/data/users/[reseller|user]/domains/example.com.conf
adding:
SSLCACertificateFile=/usr/local/directadmin/data/users/[reseller|user]/domains/example.com.cacert
SSLCertificateFile=/usr/local/directadmin/data/users/[reseller|user]/domains/example.com.cert
SSLCertificateKeyFile=/usr/local/directadmin/data/users/[reseller|user]/domains/example.com.key
Is this going to work - or do I need to do more?
In order to not import old problems, I have refrained from using the admin backup/transfer facility of DirectAdmin, but have recreated everything, reseller, user, domains, subdomains, etc., and installed code with Git. Everything is tested using the HOSTS file.
In directadmin.conf, I have added letsencrypt=1.
Most sites are under the reseller, except for the busiest one, that has a user belonging to that single reseller.
Earliest Let's Encrypt renewals are next month.
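A post-copy check for the layout described in the post, as an added example that is not part of the original post and not DirectAdmin's own tooling: it confirms the certificate files arrived, that the private key is not accessible to group or other, and that the three SSL directives in example.com.conf point at the copied files. The function names, the choice of four mandatory suffixes and the sample user `reseller1` are assumptions, and the sample tree is constructed.

```python
import os
import stat
import tempfile

# Suffixes come from the file list in the post. Treating these four as
# mandatory is an assumption; the post does not say which ones are required.
REQUIRED = ("cacert", "cert", "cert.combined", "key")
DIRECTIVES = {"SSLCACertificateFile": "cacert", "SSLCertificateFile": "cert",
              "SSLCertificateKeyFile": "key"}

def check_domain(data_root, user, domain):
    """Return a list of problems found for one migrated domain."""
    base = os.path.join(data_root, "users", user, "domains", domain)
    problems = []
    for suffix in REQUIRED:
        path = f"{base}.{suffix}"
        if not os.path.isfile(path) or os.path.getsize(path) == 0:
            problems.append(f"missing or empty: {path}")
    # A key copied between servers can land with the umask default (e.g. 0644).
    key = f"{base}.key"
    if os.path.isfile(key) and stat.S_IMODE(os.stat(key).st_mode) & 0o077:
        problems.append(f"key readable by group/other: {key}")
    # The three directives must be present and point at the copied files.
    conf = {}
    if os.path.isfile(f"{base}.conf"):
        with open(f"{base}.conf") as fh:
            conf = dict(l.strip().split("=", 1) for l in fh if "=" in l)
    for name, suffix in DIRECTIVES.items():
        if conf.get(name) != f"{base}.{suffix}":
            problems.append(f"{name} not set to {base}.{suffix}")
    return problems

def build_sample(root, user="reseller1", domain="example.com", key_mode=0o600):
    """Constructed sample tree standing in for /usr/local/directadmin/data."""
    base = os.path.join(root, "users", user, "domains", domain)
    os.makedirs(os.path.dirname(base))
    for suffix in REQUIRED:
        with open(f"{base}.{suffix}", "w") as fh:
            fh.write("placeholder\n")
    os.chmod(f"{base}.key", key_mode)
    with open(f"{base}.conf", "w") as fh:
        fh.writelines(f"{n}={base}.{s}\n" for n, s in DIRECTIVES.items())
    return base

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample(root, key_mode=0o644)  # simulate a key copied too openly
        print(check_domain(root, "reseller1", "example.com"))
```

On the real server, `data_root` would be `/usr/local/directadmin/data`, matching the paths in the directives above.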