As I mentioned in my previous post, I wanted to move my proxy server over to the Proxmox server. And I forgot about the certificates for the sites.
I'm using Let's Encrypt to secure my website with HTTPS (HyperText Transfer Protocol Secure, also known as HTTP over SSL or HTTP over TLS), and on the server side, I'm using Certbot to manage the Let's Encrypt certificates for my sites.
When you move the certificates over to the new server, you also have to move the configuration. On Debian, the configuration is in /etc/letsencrypt.
Move everything over by packing it up and extracting it on the new server:
OldServer#:~ sudo tar -chvzf certs.tar.gz /etc/letsencrypt/archive /etc/letsencrypt/renewal
OldServer#:~ scp certs.tar.gz vi3t@newserver:/home/vi3t/
When you have copied the compressed archive over, you'll need to extract it and link up all your certificates again. I have quite a lot of them, so I've used a while loop to make it faster.
Newserver#:~ sudo tar -C / -xvzf ~/certs.tar.gz
Newserver#:~ sudo rm -rf /etc/letsencrypt/live
Newserver#:~ sudo ls -l /etc/letsencrypt/archive/ | awk '{ print $9 }' | while read -r dirname
do
    # The "total" line of ls -l has no ninth field, so skip empty names
    if [ -z "${dirname}" ]
    then continue
    else
        sudo mkdir -p /etc/letsencrypt/live/"${dirname}"
    fi
done
Newserver#:~ sudo ls -l /etc/letsencrypt/archive/ | awk '{ print $9 }' | while read -r dirname
do
    [ -z "${dirname}" ] && continue
    # Take the four most recently modified files and link each one into live/
    sudo ls -rt /etc/letsencrypt/archive/"${dirname}" | tail -n4 | while read -r filename
    do
        case "${filename}" in
            privkey*) sudo ln -s /etc/letsencrypt/archive/"${dirname}"/"${filename}" /etc/letsencrypt/live/"${dirname}"/privkey.pem ;;
            fullchain*) sudo ln -s /etc/letsencrypt/archive/"${dirname}"/"${filename}" /etc/letsencrypt/live/"${dirname}"/fullchain.pem ;;
            chain*) sudo ln -s /etc/letsencrypt/archive/"${dirname}"/"${filename}" /etc/letsencrypt/live/"${dirname}"/chain.pem ;;
            cert*) sudo ln -s /etc/letsencrypt/archive/"${dirname}"/"${filename}" /etc/letsencrypt/live/"${dirname}"/cert.pem ;;
            *) continue ;;
        esac
    done
done
Of course, to fully automate this, you put it in a file and run it 😄
Download the file from my public GitHub and do a chmod +x letsencrypt_linkcert.
If you want this to be used everywhere, put this file in the /usr/sbin folder.
#!/bin/bash
##
# File:
#   letsencrypt_linkcert
# Description:
#   Basic script to automate linking up the certificates from letsencrypt to the "live" folder.
#   By default, you need to manually link one by one with
#   sudo ln -s /etc/letsencrypt/archive/sitename.com/{privkey,fullchain,chain,cert}{0..9}.pem \
#       /etc/letsencrypt/live/sitename.com/{privkey,fullchain,chain,cert}.pem
##
##
# Copyright (C) 2020 Giang Nguyen <post@vi3t.net>
##
# Must run as root, so check first
if [[ $EUID -ne 0 ]]; then
    echo "Try running it again as root or with sudo (try: sudo $BASH_SOURCE)"
    exit 1
fi
# Delete live folder to start with an empty folder
rm -rf /etc/letsencrypt/live
# Create the site-folders
ls -l /etc/letsencrypt/archive/ | awk '{ print $9 }' | while read -r dirname
do
    if [ -z "${dirname}" ]
    then continue
    else
        mkdir -p /etc/letsencrypt/live/"${dirname}"
    fi
    # Read latest modified files and create the link
    ls -rt /etc/letsencrypt/archive/"${dirname}" | tail -n4 | while read -r filename
    do
        case "${filename}" in
            privkey*) ln -s /etc/letsencrypt/archive/"${dirname}"/"${filename}" /etc/letsencrypt/live/"${dirname}"/privkey.pem ;;
            fullchain*) ln -s /etc/letsencrypt/archive/"${dirname}"/"${filename}" /etc/letsencrypt/live/"${dirname}"/fullchain.pem ;;
            chain*) ln -s /etc/letsencrypt/archive/"${dirname}"/"${filename}" /etc/letsencrypt/live/"${dirname}"/chain.pem ;;
            cert*) ln -s /etc/letsencrypt/archive/"${dirname}"/"${filename}" /etc/letsencrypt/live/"${dirname}"/cert.pem ;;
            *) continue ;;
        esac
    done
done
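The script above picks the four most recently modified files per site, so it is worth checking afterwards that each live folder really holds one matching set. The following check is an added example, not part of letsencrypt_linkcert; the function name check_live is hypothetical, and it assumes GNU readlink and stat as shipped with Debian.

```bash
#!/bin/bash
# Added example, not part of letsencrypt_linkcert.
# check_live [ROOT]: print one line per problem found under ROOT/live and
# return 0 only if every site folder is consistent. ROOT defaults to /etc/letsencrypt.
check_live() {
    local root="${1:-/etc/letsencrypt}" problems=0
    local site name arch kind link target base num want mode
    for site in "$root"/live/*/; do
        [ -d "$site" ] || continue
        name="$(basename "$site")"
        arch="$(readlink -f "$root/archive/$name")"
        want=""
        for kind in cert chain fullchain privkey; do
            link="$site$kind.pem"
            if [ ! -L "$link" ] || [ ! -e "$link" ]; then
                echo "$name: $kind.pem is missing or dangling"
                problems=$((problems + 1)); continue
            fi
            target="$(readlink -f "$link")"
            # The link must resolve to <kind>N.pem inside this site's archive folder.
            case "$target" in
                "$arch"/"$kind"[0-9]*.pem) ;;
                *) echo "$name: $kind.pem resolves to $target"
                   problems=$((problems + 1)); continue ;;
            esac
            # All four links must carry the same renewal number N.
            base="${target##*/}"; num="${base#"$kind"}"; num="${num%.pem}"
            if [ -z "$want" ]; then
                want="$num"
            elif [ "$num" != "$want" ]; then
                echo "$name: $kind.pem is version $num, expected $want"
                problems=$((problems + 1))
            fi
            # The private key must not be readable by group or others.
            if [ "$kind" = privkey ]; then
                mode="$(stat -c %a "$target")"   # GNU stat, as on Debian
                case "$mode" in
                    *00|0) ;;
                    *) echo "$name: $base has mode $mode"; problems=$((problems + 1)) ;;
                esac
            fi
        done
    done
    [ "$problems" -eq 0 ]
}
```

Source the file and run check_live as root with no argument to check /etc/letsencrypt; any line it prints names the site and the link that needs fixing.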