Different Letsencrypt client on migration

Discussion in 'ISPConfig 3 Priority Support' started by tlove, Nov 25, 2022.

  1. tlove

    tlove Member HowtoForge Supporter

    Apologies, I just realised this should be a different thread from my previous post.
    Migration dry run gives warning that LetsEncrypt client is different in new Target server compared to Source.
    What is the best way to deal with this? Do I just do the migration then reset the LetsEncrypt setting on the web domains? Is there something else? I welcome advice.
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    The best option is to have the same Let's Encrypt client on the old and new server, so that certificates can get migrated, as a conversion between certbot and acme.sh and vice versa is not possible.

    That's possible as well, but your sites will fail until you have done that, and getting new certs from Let's Encrypt is not possible until DNS for the domains points to the new system.
     
  3. tlove

    tlove Member HowtoForge Supporter

    Thank you, Till, for both pieces of advice.
    Unless there are any hidden problems, I'll do the latter one. The new server is a simple hardware update. As soon as the migration is done, the target server will be physically swapped for the old source server and will be given the same IP address. So the DNS should immediately be correct, and resetting the Let's Encrypt settings of the domains in ISPConfig should only take a few minutes. Is there anything else I need to take into account?
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    Besides that, there should not be any problems. In case the web server does not start due to missing SSL certs, you can just remove the symlinks to the sites in the /etc/apache2/sites-enabled/ or /etc/nginx/sites-enabled/ folder (just don't disable the symlink to the ispconfig vhost and apps vhost), then restart apache, log in to ISPConfig, go to the sites, ensure that SSL and Let's Encrypt are enabled, and press save to activate the site with SSL again. But it's most likely not necessary to remove the symlinks, so don't do that unless the web server process fails to start.
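
Added example, not part of the thread and not ISPConfig's own code: a read-only check that lists which site vhosts in a sites-enabled directory reference a certificate or key file that is missing, so only those symlinks need attention if the web server fails to start after the migration. The `000-ispconfig.*` and `000-apps.*` names for the vhosts to leave alone are an assumption; adjust them to match your install.

```sh
#!/bin/sh
# Added example: report vhosts whose TLS certificate or key file is missing.
# Read-only: nothing is removed or changed.

# Print every cert/key path referenced by one vhost file (Apache or nginx).
cert_paths() {
    awk '
        /^[ \t]*#/ { next }   # ignore commented-out directives
        tolower($1) ~ /^(sslcertificatefile|sslcertificatekeyfile|ssl_certificate|ssl_certificate_key)$/ {
            p = $2
            gsub(/[";]/, "", p)   # strip quotes and the nginx trailing ";"
            print p
        }' "$1"
}

# Print the names of vhost links in directory $1 that point at a missing
# or empty certificate/key file.
broken_vhosts() {
    dir=$1
    for link in "$dir"/*; do
        [ -e "$link" ] || continue   # empty directory or dangling symlink
        case $(basename "$link") in
            # Assumed names of the ISPConfig panel and apps vhosts: never list them.
            000-ispconfig.*|000-apps.*) continue ;;
        esac
        cert_paths "$link" | while IFS= read -r path; do
            if [ ! -s "$path" ]; then
                basename "$link"
                break   # one missing file is enough to flag this vhost
            fi
        done
    done
}

# Example call: sh check-vhost-certs.sh /etc/apache2/sites-enabled
if [ $# -gt 0 ]; then
    broken_vhosts "$1"
fi
```

The names it prints are the candidates for the symlink removal described in the post above, and only if the web server actually fails to start.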
     
