Tags: ubuntu, ubuntu-14.04, lets-encrypt, certbot

Can I use non-expired letsencrypt cert even though there are newer ones?


I am running an old version of certbot on Ubuntu 14.04 and have to upgrade since that version is not supported anymore. And it looks like newer versions of certbot are not supported on 14.04 anymore.

Certbot is installed on the load balancer server. HAProxy handles the routing of ACME traffic and other web traffic. The web servers and database server are on different machines.

Since we have a lot of websites in that certificate, I don't want to mess things up :)

What I am afraid of is that I might run into problems along the way and then I want to be able to use my current (still not expired) certificate.

My plan is to first update Ubuntu from 14.04 to 16.04, then 16.04 to 18.04, then 18.04 to 20.04. And then I will install a new version of certbot. (Perhaps using snap since that is recommended on the certbot webpage https://certbot.eff.org/lets-encrypt/ubuntufocal-haproxy)

So my question is basically, can I keep a copy of the certificate and use it as long as it is not expired? I am afraid that in the renewal process, it might be revoked. And I don't want that.

Thanks in advance!


Solution

  • SSL certificates are normally revoked when lost or compromised. They are not revoked during the Let's Encrypt renewal process. Revoking a certificate requires executing the command certbot revoke or similar.

    > So my question is basically, can I keep a copy of the certificate and use it as long as it is not expired?

    Yes, you can continue to use a certificate until expired or revoked.

    Note: technically SSL certificates are not renewed. Once a certificate is issued it cannot be modified. The renewal process generates a new certificate and then the old certificate is replaced. Let's Encrypt keeps the old certificates on your system.
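
One way to confirm that a saved copy is still usable as a fallback before starting the upgrades, as an added example that is not part of the original question or answer. It checks the remaining validity with openssl x509 -checkend and confirms that the private key belongs to the certificate; the function names and the throwaway self-signed certificate are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original post). Certificate and key paths are
# passed as arguments; certbot's default config directory is /etc/letsencrypt.

# Succeeds if CERT stays valid for at least DAYS more days.
cert_valid_for() {    # usage: cert_valid_for CERT DAYS
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Succeeds if KEY is the private key for the public key inside CERT.
key_matches_cert() {  # usage: key_matches_cert CERT KEY
    local cert_pub key_pub
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeeds only if the saved copy can serve as a fallback for DAYS more days.
fallback_usable() {   # usage: fallback_usable CERT KEY DAYS
    cert_valid_for "$1" "$3" && key_matches_cert "$1" "$2"
}

# Constructed sample material: a throwaway self-signed certificate and key.
make_sample_cert() {  # usage: make_sample_cert DIR LIFETIME_DAYS
    openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=example.test" \
        -days "$2" -keyout "$1/privkey.pem" -out "$1/cert.pem" >/dev/null 2>&1
}

demo_dir=$(mktemp -d)
make_sample_cert "$demo_dir" 30
openssl x509 -in "$demo_dir/cert.pem" -noout -enddate
if fallback_usable "$demo_dir/cert.pem" "$demo_dir/privkey.pem" 14; then
    echo "saved copy is usable for at least 14 more days"
else
    echo "saved copy is NOT a usable fallback"
fi
rm -rf "$demo_dir"
```

This checks expiry and key match only; whether a certificate has been revoked is not visible from the files themselves.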